Nicola Pietroluongo is a software engineer and team leader with many years of experience. He is building web applications for big companies across the Europe and managing complex cloud infrastructure. In his spare time he is creating and contributing to awesome PHP open source projects (Fakerino). Nicola has written technical articles for some of the biggest PHP websites and magazines. Furthermore, he is the author of "Learning PHP7" (Packt publishing) nicolapietroluongo.com.
The Security Code Review guide
Is your code secure? Do you know what are the practices in secure code review? In this talk you will see the important aspects of the various controls to build a reference when conducting secure code reviews.
The talk is composed by 3 parts: an overview to secure code review and the advantages it can bring. A methodology section with more detail on how to integrate secure review techniques into development organizations S-SDLC and what are the main attacks you should fight against. The talks includes topics as risk based intelligence and threat modelling to understand the application and how external business drivers can affect the need for secure code review.