Question for anyone: Do you include defense in depth in code reviews? So like if there's an edge case where a user with admin rights could hack everything if someone forgot to sanitize 1/5000 inputs, do you bring up that they may want to reconsider their approach?
Of course! I think that might be threat modelling, but definitely I want to have as many defences as we can afford. When I say "afford" I mean justify the cost of; we can't spend a million dollars protecting something only worth $100.
thanks for sharing!
WoSEC!