code review – Page 6 – WindowsTechs.com

2 million lines of source code left exposed by phone company EE

Posted on May 14, 2018 by Lisa Vaas

What should be secret AWS and API keys were (un)secured with the default password credentials: “admin” as the name, “admin” for a password. Continue reading 2 million lines of source code left exposed by phone company EE→

If I put a variable in the private section of a class, will the variable have more protection againsted reverse engineering?

Posted on April 30, 2018 by AJaB

class LockdownUnlock{
private:
/*snip*/
std::string rootCertificate; //Will this protect the data?
/*snip*/
public:
/*snip*/
}LDUnlock;

Continue reading If I put a variable in the private section of a class, will the variable have more protection againsted reverse engineering?→

Daniel Stori’s ‘Commitland’

Posted on April 13, 2018 by Marc Handelman

via the inimitable and funny Daniel Stori at turnoff.us
The post Daniel Stori’s ‘Commitland’ appeared first on Security Boulevard.
Continue reading Daniel Stori’s ‘Commitland’→

Penetration Testing vs Secure Source Code Review

Posted on March 30, 2018 by Khopcha

Recently I came across to a situation where an institution has hired a third party vendor to develop its business applications. I came up with the following questions related to penetration testing and independent third party… Continue reading Penetration Testing vs Secure Source Code Review→

NDC Security, Patricia Aas’ ‘Secure Programming Practices in C++’

Posted on February 16, 2018 by Marc Handelman

Permalink
The post NDC Security, Patricia Aas’ ‘Secure Programming Practices in C++’ appeared first on Security Boulevard.
Continue reading NDC Security, Patricia Aas’ ‘Secure Programming Practices in C++’→

What should be the process to review libraries used in Software/Web development for vulnerabilities?

Posted on February 7, 2018 by Xterm

I want to build a process for reviewing libraries used in Software/Web development for vulnerabilities . Can someone suggest on some ways to achieve this.

Continue reading What should be the process to review libraries used in Software/Web development for vulnerabilities?→

Fast Times At Grammarly High…

Posted on February 7, 2018 by Marc Handelman

Tavis Ormandy (a member of Google’s Project Zero organization) has found, reported and the offending Grammarly code fixed by Grammarly in reportedly (by Tavis) in record time). A small bit of advoce for Grammarly, and others: Have your code thor… Continue reading Fast Times At Grammarly High…→

Daniel Stori, ‘The Last Resort’

Posted on February 2, 2018 by Marc Handelman

via the eponymous Daniel Stori at turnoff.us!

Permalink
The post Daniel Stori, ‘The Last Resort’ appeared first on Security Boulevard.
Continue reading Daniel Stori, ‘The Last Resort’→

Need to create an interview environment for a Security Engineer candidate

Posted on January 11, 2018 by marcodv

I work in a medium sized startup as DevOps Engineer and we need to hire a security engineer. Since I have never done it, the company asked me to create an environment where the security engineer candidate should do his tasks … Continue reading Need to create an interview environment for a Security Engineer candidate→

Buffer overflow due to strlen, strcpy, strcat

Posted on January 8, 2018 by Rochelle

I’m new to secure code review. I know that strlen will calculates the length until it finds a null character. This is a part of a larger code.

char* executeMount(char* password, char* path, int unmountOrMount)
{
char* catS… Continue reading Buffer overflow due to strlen, strcpy, strcat→