Source Code Review for Penetration Testers

Course Rationale

This course is designed to expose penetration testers to various approaches used in professional source code reviews. This course will not focus on specific vulnerabilities, but instead focus on strategies and tactics outlined in “The Art of Software Security Assessment” which have been vetted through the personal experience of the instructor. This is a hands-on workshop.

Prerequisites

A student should have prior exposure to testing dynamic applications, as well as exposure to programming languages.

Learning Outcomes

Upon successful completion of this course, students will be able to:

  • Find more security issues, more consistently
  • Identify an appropriate approach to source code review that depends on client needs, scope and personal skill
  • Demonstrate and apply the basic principles of code review strategies, such as:
  • Design generalization
  • Candidate point
  • Code comprehension
  • Leverage code review tactics to not get miserably lost during a review
  • Develop a basic understanding of how to scale a review from several hundred lines to several thousand
  • Build a custom list of candidate points for targeted reviews

Presented by