BSidesSF 2020

Event locked in Sched to limit confusion, see registration to determine current session availability.
Event held offsite, location to be announced (NOT METREON!)
Registration at https://bsidessf.regfox.com/2020 REQUIRED (cannot be reserved with Sched)

A shortened version of Seth & Ken's Excellent Adventures in Secure Code Review. This workshop addresses common challenges in modern secure code review through hands on review of open source projects as brought by attendees. Seth will quickly introduce the Absolute AppSec Secure Code Review Framework and guide attendees in reviewing open source projects of their choosing using this framework.

Come practice your secure code review technique and learn from our past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will implement our methodology over the course of a couple of hours and perform security analysis of the chosen repositories to attempt to suss out security flaws, no matter the size of the code base, or the framework, or the language.

As a student you will be expected to bring a laptop, an IDE, and an open source project for review during the workshop. Seth will introduce the methodology, techniques, approaches, and tools used by Seth Law and Ken Johnson to understand code flows, trace user input, identify vulnerabilities, and effectively secure an application code base.