
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
1 July - 38 minsManual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from an LLM assistant, and then applies that understanding to a search for developer patterns that lead to common mistakes like mishandling data, not enforcing a control flow, or not defending against unexpected application states. He explains how finding those kinds of more impactful bugs are rewarding for the reviewer and valuable to the code owner. It...

Sony, Scattered Spider, Hikvision, Cybercrime, Iran, BSODs, Cloudflare, Josh Marpet.. - SWN #490
31 mins
1 July Finished

The Illusion of Control: Shadow IT, SSO Shortcomings, and the True Path to Security - Dave Lewis - ESW #413
1 hour 52 mins
30 June Finished

Broadcom, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and more... - SWN #489
31 mins
27 June Finished

Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401
1 hour 5 mins
25 June Finished