Explore an innovative approach to manual code review in this 43-minute conference talk from AppSecUSA 2016. Learn how to combine penetration testing and code review techniques using interactive debugging to maximize efficiency and effectiveness. Discover the benefits of employing a debugger for live system analysis, and gain practical insights into implementing this eye-opening methodology. Delve into topics such as interactive application security testing, debugging techniques, breakpoints, bytecode analysis, and provider-level debugging. Understand when this approach may not be suitable and how to overcome common challenges in code review processes.
Putting an "I" in Code Review - Turning Code Reviewing Interactive - AppSecUSA 2016
Overview
Syllabus
Introduction
Whats wrong with code review
Interactive application security testing
Demo
Debugging
File
Reflector
Breakpoints
bytecode
provider level debugging
provider level breakpoint
instrumentation
debugger
provider break points
Eclipse
When is this bad
Taught by
OWASP Foundation
