we protect organizations based on objectives, outcomes and how business actually works


Source code review is the practice of reviewing developed code for vulnerabilities. There are many ways to review the security of an application and it is recommended to perform more than one method to help ensure more assessment coverage. Penetration testing is great at finding certain bugs such as technical signature or API based issues. Issues related to privacy, information leakage, denial of service are more suited to code review. Source code review is also good practice as you are finding issues early in the SDLC. Locating and fixing issues early in your SDLC makes it cheaper in terms of effort and cost to remediate. It also empowers developers to understand security bugs at the source code level such that they may not repeat the same mistakes. During this course, we will be using OWASP Code Review Guide v2.0 as baseline and benchmark and will be covering aspect such as follows: Data Validation, Authentication, Session Management, Authorization, Cryptography, Error Handling, Logging, Security Configuration, and Network Architechture.