All your codebase are belong to us

Presented at CactusCon 11 (2023), Jan. 28, 2023, 4 p.m. (240 minutes).

Bring your code snippets, your authorization file, or any piece of code you'd like to tear into, and we'll show you a practical method for finding bugs in your code. It's a hybrid of training in the Absolute AppSec methodology of secure-code review and a live hackathon! Speakers Seth Law, Ken Johnson, and Justin Larson will briefly discuss how they schedule out time for code reviews in their actual day-to-day consulting and redeem managing work, and then dive into source code with students to provide real-life experience.

Presenters:

  • @cktricky - Director of Offense, Product Security Engineering - GitHub
    Ken Johnson has been hacking web applications professionally for 14 years and given security training for 11 of those years. Ken is both a breaker and builder and currently works as a Director within GitHub’s Product Security Engineering team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current passion project is the Absolute AppSec podcast with Seth Law.
  • @sethlaw - Principal Consultant, Redpoint Security
    Seth Law is the Founder and Principal Consultant of Redpoint Security (redpointsecurity.com). During the last 15 years, Seth has worked within multiple security disciplines, including application development, cloud architecture, and network protection, both as a manager and individual contributor. Seth has honed his security skills using offensive and defensive techniques, including tool development and security research. His understanding of the software development lifecycle and ability to equate security issues to development tasks has allowed him to speak at conferences ranging from Blackhat and DEF CON to local security meetups. In his spare time, Seth revels in deep-level analysis of programming languages and inherent flaws, develops the iOS version of HackerTracker, and co-hosts the Absolute AppSec podcast with Ken Johnson.
  • Justin Larson - Appsec Consultant
    Justin spends his 9-5 day looking at code and testing applications; the rest of his time is spent with family outside in the mountains.
