

Adventures in Reviewing Mountains of Code

OWASP Foundation via YouTube

Overview

Explore strategies for efficiently reviewing large codebases in this 33-minute OWASP Foundation conference talk. Discover the speaker's approach to analyzing 2.6 million lines of code on-site, including experiments conducted and unexpected challenges encountered. Learn about various techniques such as line-by-line reading, vulnerability identification, code parsing, abstract syntax trees, control flow graphs, and state space search algorithms. Gain insights into static code analysis, parallelization, native code handling, security metrics, and Unicode conversion. Consider the limitations and future directions for improving code review processes in large-scale software projects.
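The overview lists the building blocks the talk covers: parsing source into an abstract syntax tree, deriving a flow graph from it, and searching that graph depth-first to decide whether something interesting is reachable. The following is an added example written for this page, not code from the talk or from OWASP, and it uses Python's standard `ast` module on a small Python snippet rather than the C code base the speaker reviewed. It walks the tree to build a variable-to-variable data-flow graph, runs a depth-first search from attacker-controlled sources, and reports calls to dangerous sinks that a tainted value reaches. The sample program, the `SOURCES` and `SINKS` sets, and all function names are assumptions made for the example.

```python
import ast
from collections import defaultdict

# Constructed sample program to analyse (not from the talk). A value read
# from the request flows through two assignments into a shell command, while
# a second sink is fed only a constant.
SAMPLE = '''
import os
import subprocess

def handler(request):
    name = request.args["name"]        # source: attacker-controlled
    greeting = "Hello " + name
    cmd = "echo " + greeting
    subprocess.run(cmd, shell=True)    # sink reached by tainted data
    safe = "echo fixed"
    os.system(safe)                    # sink fed by a constant only
'''

# Assumed source and sink lists; a real tool would load these from config.
SOURCES = {"request.args"}
SINKS = {"subprocess.run", "os.system", "eval", "exec"}


def dotted_name(node):
    """Return 'a.b.c' for an Attribute/Name chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def names_in(expr):
    """All simple variable names read anywhere inside an expression."""
    return {n.id for n in ast.walk(expr) if isinstance(n, ast.Name)}


def is_source(expr):
    """True if the expression reads one of the configured taint sources."""
    return any(dotted_name(n) in SOURCES for n in ast.walk(expr)
               if isinstance(n, (ast.Attribute, ast.Name)))


def build_flow_graph(tree):
    """Derive a data-flow graph from the AST: for every single-target
    assignment, each variable read on the right-hand side flows into the
    target. Targets assigned directly from a source become the DFS roots."""
    edges = defaultdict(set)   # variable -> variables its value flows into
    roots = set()
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            target = node.targets[0].id
            if is_source(node.value):
                roots.add(target)
            for src in names_in(node.value):
                edges[src].add(target)
    return edges, roots


def propagate(edges, roots):
    """Depth-first search over the flow graph starting at the source-tainted
    variables; every variable reachable from a root is tainted."""
    tainted, stack = set(), list(roots)
    while stack:
        var = stack.pop()
        if var in tainted:
            continue
        tainted.add(var)
        stack.extend(edges.get(var, ()))
    return tainted


def find_tainted_sinks(source_code):
    """Return (sink, line) pairs for sink calls whose arguments read a
    tainted variable or a source expression directly."""
    tree = ast.parse(source_code)
    edges, roots = build_flow_graph(tree)
    tainted = propagate(edges, roots)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            callee = dotted_name(node.func)
            if callee in SINKS:
                args = node.args + [kw.value for kw in node.keywords]
                if any(names_in(a) & tainted or is_source(a) for a in args):
                    findings.append((callee, node.lineno))
    return findings


if __name__ == "__main__":
    for sink, line in find_tainted_sinks(SAMPLE):
        print(f"line {line}: tainted data reaches {sink}")
```

Running the block reports only the `subprocess.run` call; the `os.system` call with a constant argument is not flagged. The analysis is deliberately the simplest thing that works: it is intraprocedural, ignores statement order and branching (so the "control flow graph" here is flattened into plain def-use edges), and knows nothing about sanitisers, so a variable assigned from a source is tainted forever. Those are exactly the kinds of completeness and precision gaps the talk's later sections on completeness and caveats are about, and they are where a real reviewer spends most of the effort.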

Syllabus

Intro
Jon's background
What we're going to talk about
What I tried
Reading line by line
Finding vulnerabilities
Looking for inspiration
Playing a game
C magic
C magic fails
Code parsing
Abstract syntax trees
Control flow graph
State-space search
Depth-first search
Depth-second search
Completeness
AI
StackTrace
Live demo
Static code analysis
Parallelization
Native code
Security metric
Unicode conversion
Another example
Regression testing
Caveats
What next

Taught by

OWASP Foundation
