Ryan Goltry
You come upon a long-running project that has never had a security-centric code review before. There are a couple million lines of code, web applications, microservices, a database; a gold mine of s*** to dig through. The opportunities for findings are massive. How the next steps are executed depends on situational awareness and could result in CSMs (career shortening maneuvers). Topics covered will include what tools to have in the kit for a whitebox code review, what to prioritize, and with whom and how to collaborate for short- and longer-term engagements.
Ryan is a Santa Maria Lime Steak Rub seasoned IT Generalist with a love of performance tuning and security reviews. A senior security architect, he is a recovering CISO with a wealth of web application security experience. Currently interested in helping SOC operators, while researching botnet detection, SSL traffic management, and beer.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek