Secure Code Review: Catching Vulnerabilities at the Source

Presented by

Dan Mateer, HackerOne, Will Barrett, Tranzito

About this talk

Security vulnerabilities discovered in applications are almost always rooted in flaws in the source code: logic errors, missing input validation, insufficient logging, poor secrets management, missing authorization checks, unsafe string concatenation (for example, building a SQL query or a shell command from untrusted input), misconfiguration, and much more. In this session, you'll learn why secure code review belongs in the software development lifecycle and what a reviewer looks for. Automated scans are helpful and powerful tools, but they are no replacement for code review by human experts.
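As an added illustration of two of the weakness classes named above (this is example code written for this page, not material from the talk or from HackerOne), the handler below is shown the way a reviewer first sees it and then the way the review asks for it to be rewritten. The database schema, users and documents are constructed sample data held in an in-memory SQLite database; the function and table names are assumptions made for the example.

```python
import logging
import sqlite3

log = logging.getLogger("docs")


class Forbidden(Exception):
    """Raised when the requester may not read the document (or it does not exist)."""


def build_db():
    """Constructed sample data: two ordinary users, one admin, one document each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "user"), (2, "bob", "user"), (3, "carol", "admin")])
    conn.executemany("INSERT INTO docs VALUES (?, ?, ?)",
                     [(10, 1, "alice's notes"), (11, 2, "bob's notes")])
    return conn


# BEFORE: the handler as a reviewer first sees it. doc_id arrives as a string
# from the request, as it would from a URL path or a form field.
def get_doc_vulnerable(conn, requester_id, doc_id):
    # Finding 1: untrusted input is concatenated straight into SQL (injection);
    #            "10 OR 1=1" returns every document.
    # Finding 2: requester_id is never consulted, so any user reads any document.
    sql = "SELECT body FROM docs WHERE id = " + doc_id + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


# AFTER: the version the review asks for.
def get_doc_hardened(conn, requester_id, doc_id):
    # Fix 1: validate the type at the boundary and bind values as parameters.
    doc_id = int(doc_id)  # raises ValueError on "10 OR 1=1"
    row = conn.execute("SELECT role FROM users WHERE id = ?", (requester_id,)).fetchone()
    if row is None:
        log.warning("document read attempted by unknown requester %r", requester_id)
        raise Forbidden("unknown requester")
    # Fix 2: the ownership check is part of the query and is decided from the
    #        server-side identity, never from anything the client sent.
    if row[0] == "admin":
        rows = conn.execute("SELECT body FROM docs WHERE id = ?", (doc_id,))
    else:
        rows = conn.execute(
            "SELECT body FROM docs WHERE id = ? AND owner_id = ?", (doc_id, requester_id)
        )
    result = [r[0] for r in rows]
    if not result:
        # Fix 3: log the denial. "Missing" and "not yours" look identical to the
        #        caller, so document ids cannot be enumerated through the error.
        log.warning("user %s denied document %s", requester_id, doc_id)
        raise Forbidden("no such document")
    return result


if __name__ == "__main__":
    conn = build_db()
    print(get_doc_vulnerable(conn, 2, "10 OR 1=1"))  # both documents leak
    print(get_doc_hardened(conn, 1, "10"))           # only alice's own document
```

The point a reviewer would make is that neither finding is visible to a scanner that only sees the SQL string: the missing authorization check is a property of the surrounding request handling, which is exactly the kind of flaw a human reading the code in context catches.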
