ISSA-LA InfoSec Summit XI

Of all the topics related to application security, manual code review is probably one of the least popular. In the days of automation and fast paced delivery, who wants to sit down and go through tens of thousands of lines of code to search for a vulnerability? It's a long and tedious task - and it has been replaced by static application security testing.
Or has it?

In this presentation, you will learn about the advantages of doing a proper code review early in the development process. We will break this task into short and manageable iterations, each adapted to a given phase of application development. You will learn about the required skillset, useful shortcuts to speed up the process, and where code review fits in relation to other application security tools and techniques.
By the end of this presentation, it will be clear why a manual code review might very well be the one of the best investment you can make in your application security program.