SlideShare a Scribd company logo

Code Review Looking for a vulnerable code. Vlad Savitsky.

Download as PPT, PDF
DrupalCampDN
DrupalCampDN
TechnologyBusiness
1 of 26
Code Review Looking for a vulnerable code Vlad Savitsky http://donetsk.drupal.ua
Code Review Looking for a vulnerable code
Twitter: У нас ввели code-review. – А это как? – Ну как, сидишь, читаешь код, ревёшь... http://twitter.com/#!/dallaylaen/status/129887114576920577
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object]
Why review code? ,[object Object],[object Object],[object Object],[object Object],[object Object]
What you shouldn't review? ,[object Object],[object Object]
When code should be reviewed? ,[object Object],[object Object],[object Object]
When code should be reviews? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Who should do code review? ,[object Object],[object Object]
Code Review or Person Review ,[object Object],[object Object],[object Object]
Golden Rule of Code Review ,[object Object],[object Object],[object Object]
 
Goal of Code Review Perfect code made by not perfect developers.
How to find a vulnerability?
 
Find XSS ,[object Object],[object Object],[object Object],[object Object]
 
SQL injection ,[object Object],[object Object],[object Object],[object Object],[object Object]
Bad smelling code ,[object Object],[object Object]
Drupal Security Team
Goals of the security team ,[object Object],[object Object],[object Object],[object Object]
How to report a security issue ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How the security team works with issues ,[object Object],[object Object],[object Object],[object Object],[object Object]
Issues with contributed modules ,[object Object],[object Object],[object Object]
Happy Code Review!!!
Questions? ,[object Object],[object Object],[object Object]

Recommended

Code Review
Code ReviewCode Review
Code Review
R M Shahidul Islam Shahed
 
Code Review
Code ReviewCode Review
Code Review
Divante
 
Code review
Code reviewCode review
Code review
Abhishek Sur
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelines
Lalit Kale
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and When
Paul Gower
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review Process
Dr. Syed Hassan Amin
 
TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?
Dmitriy Nesteryuk
 
Quest for the ultimate autotest coverage
Quest for the ultimate autotest coverageQuest for the ultimate autotest coverage
Quest for the ultimate autotest coverage
Alexander Pushkarev
 

Recommended

Code Review
Code ReviewCode Review
Code Review
R M Shahidul Islam Shahed
 
Code Review
Code ReviewCode Review
Code Review
Divante
 
Code review
Code reviewCode review
Code review
Abhishek Sur
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelines
Lalit Kale
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and When
Paul Gower
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review Process
Dr. Syed Hassan Amin
 
TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?
Dmitriy Nesteryuk
 
Quest for the ultimate autotest coverage
Quest for the ultimate autotest coverageQuest for the ultimate autotest coverage
Quest for the ultimate autotest coverage
Alexander Pushkarev
 
Code Review
Code ReviewCode Review
Code Review
rantav
 
Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best Practices
Trisha Gee
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and When
Paul Gower
 
Code review in practice
Code review in practiceCode review in practice
Code review in practice
Edorian
 
Should you be your own judge?
Should you be your own judge?Should you be your own judge?
Should you be your own judge?
Achyut Pokhrel
 
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Søren Lund
 
Agile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practiceAgile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practice
denis Udod
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit Testing
Søren Lund
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
Orest Ivasiv
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysis
Mikalai Alimenkou
 
Testing on frontend
Testing on frontendTesting on frontend
Testing on frontend
Afif Alfiano
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016
Søren Lund
 
Best Practices of Software Development
Best Practices of Software DevelopmentBest Practices of Software Development
Best Practices of Software Development
Folio3 Software
 
Helping Programmers Write Better Tests
Helping Programmers Write Better TestsHelping Programmers Write Better Tests
Helping Programmers Write Better Tests
Geoffrey Dunn
 
PHPUnit from a developer's perspective
PHPUnit from a developer's perspectivePHPUnit from a developer's perspective
PHPUnit from a developer's perspective
Tushar Joshi
 
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QAFest
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
Сергей Гоменюк
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
Bala Subra
 
Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"
Fwdays
 
Code Review
Code ReviewCode Review
Code Review
Ravi Raj
 
Unit iv
Unit ivUnit iv
Unit iv
Sangeetha Rangarajan
 
The Professional Programmer
The Professional ProgrammerThe Professional Programmer
The Professional Programmer
Dave Cross
 

More Related Content

What's hot

Code Review
Code ReviewCode Review
Code Review
rantav
 
Agile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practiceAgile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practice
denis Udod
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit Testing
Søren Lund
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
Orest Ivasiv
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysis
Mikalai Alimenkou
 
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QAFest
 

What's hot (19)

Code Review
Code ReviewCode Review
Code Review
 
Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best Practices
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and When
 
Code review in practice
Code review in practiceCode review in practice
Code review in practice
 
Should you be your own judge?
Should you be your own judge?Should you be your own judge?
Should you be your own judge?
 
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016
 
Agile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practiceAgile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practice
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit Testing
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysis
 
Testing on frontend
Testing on frontendTesting on frontend
Testing on frontend
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016
 
Best Practices of Software Development
Best Practices of Software DevelopmentBest Practices of Software Development
Best Practices of Software Development
 
Helping Programmers Write Better Tests
Helping Programmers Write Better TestsHelping Programmers Write Better Tests
Helping Programmers Write Better Tests
 
PHPUnit from a developer's perspective
PHPUnit from a developer's perspectivePHPUnit from a developer's perspective
PHPUnit from a developer's perspective
 
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
 
Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"
 

Similar to Code Review Looking for a vulnerable code. Vlad Savitsky.

Code Review
Code ReviewCode Review
Code Review
Ravi Raj
 
Codingstandards matiar
Codingstandards matiarCodingstandards matiar
Codingstandards matiar
Matiar Rahman
 
4.Security Assessment And Testing
4.Security Assessment And Testing4.Security Assessment And Testing
4.Security Assessment And Testing
phanleson
 
Building Scalable Development Environments
Building Scalable Development EnvironmentsBuilding Scalable Development Environments
Building Scalable Development Environments
Shahar Evron
 
Cas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projectsCas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projects
Agile Spain
 

Similar to Code Review Looking for a vulnerable code. Vlad Savitsky. (20)

Code Review
Code ReviewCode Review
Code Review
 
Unit iv
Unit ivUnit iv
Unit iv
 
The Professional Programmer
The Professional ProgrammerThe Professional Programmer
The Professional Programmer
 
Codingstandards matiar
Codingstandards matiarCodingstandards matiar
Codingstandards matiar
 
Ensuring code quality
Ensuring code qualityEnsuring code quality
Ensuring code quality
 
4.Security Assessment And Testing
4.Security Assessment And Testing4.Security Assessment And Testing
4.Security Assessment And Testing
 
Software Development Standard Operating Procedure
Software Development Standard Operating Procedure Software Development Standard Operating Procedure
Software Development Standard Operating Procedure
 
Software Design
Software DesignSoftware Design
Software Design
 
Building Scalable Development Environments
Building Scalable Development EnvironmentsBuilding Scalable Development Environments
Building Scalable Development Environments
 
Introduction to Behavior Driven Development
Introduction to Behavior Driven Development Introduction to Behavior Driven Development
Introduction to Behavior Driven Development
 
Android develop guideline
Android develop guidelineAndroid develop guideline
Android develop guideline
 
Code review best practice
Code review best practiceCode review best practice
Code review best practice
 
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Cas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projectsCas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projects
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
 
TestDrivenDeveloment
TestDrivenDevelomentTestDrivenDeveloment
TestDrivenDeveloment
 
debuggingSession.pptx
debuggingSession.pptxdebuggingSession.pptx
debuggingSession.pptx
 
Cinci ug-january2011-anti-patterns
Cinci ug-january2011-anti-patternsCinci ug-january2011-anti-patterns
Cinci ug-january2011-anti-patterns
 

More from DrupalCampDN

Drupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef DabernigDrupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef Dabernig
DrupalCampDN
 
Our AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew BoagOur AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew Boag
DrupalCampDN
 
Migrate - new way site upgrade
Migrate - new way site upgradeMigrate - new way site upgrade
Migrate - new way site upgrade
DrupalCampDN
 
Rich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим ВалуевRich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим Валуев
DrupalCampDN
 
Panels как философия - Alexander Danilenko
Panels как философия - Alexander DanilenkoPanels как философия - Alexander Danilenko
Panels как философия - Alexander Danilenko
DrupalCampDN
 
DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalCampDN
 
Twig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychevTwig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychev
DrupalCampDN
 
Презентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury GlushkovПрезентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury Glushkov
DrupalCampDN
 
Boost your theming skills - Artem Shymko
Boost your theming skills - Artem ShymkoBoost your theming skills - Artem Shymko
Boost your theming skills - Artem Shymko
DrupalCampDN
 
Continious integration - Иван Лещёв
Continious integration - Иван ЛещёвContinious integration - Иван Лещёв
Continious integration - Иван Лещёв
DrupalCampDN
 
Rules - Yaroslav Doroshuk
Rules - Yaroslav DoroshukRules - Yaroslav Doroshuk
Rules - Yaroslav Doroshuk
DrupalCampDN
 

More from DrupalCampDN (20)

Drupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef DabernigDrupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef Dabernig
 
Dependency Injection in Drupal 8 - Стадник АндрейQweqwe
Dependency Injection in Drupal 8 - Стадник АндрейQweqweDependency Injection in Drupal 8 - Стадник АндрейQweqwe
Dependency Injection in Drupal 8 - Стадник АндрейQweqwe
 
Our AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew BoagOur AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew Boag
 
Guzzle in Drupal 8 and as a REST client - Артем Мирошник
Guzzle in Drupal 8 and as a REST client - Артем МирошникGuzzle in Drupal 8 and as a REST client - Артем Мирошник
Guzzle in Drupal 8 and as a REST client - Артем Мирошник
 
Blocks & Layouts in D7 - Josef Dabernig
Blocks & Layouts in D7 - Josef DabernigBlocks & Layouts in D7 - Josef Dabernig
Blocks & Layouts in D7 - Josef Dabernig
 
CKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
CKEditor в Drupal: тонкая настройка и кастомизация - Osman SeferovCKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
CKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
 
Drush - use full power - Alexander Schedrov
Drush - use full power - Alexander SchedrovDrush - use full power - Alexander Schedrov
Drush - use full power - Alexander Schedrov
 
Это Drupal, %username%! - Андрей Черноус
Это Drupal, %username%! - Андрей ЧерноусЭто Drupal, %username%! - Андрей Черноус
Это Drupal, %username%! - Андрей Черноус
 
Migrate - new way site upgrade
Migrate - new way site upgradeMigrate - new way site upgrade
Migrate - new way site upgrade
 
Caching on highload Drupal site - Alexander Shumenko
Caching on highload Drupal site - Alexander ShumenkoCaching on highload Drupal site - Alexander Shumenko
Caching on highload Drupal site - Alexander Shumenko
 
Rich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим ВалуевRich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим Валуев
 
May the parallelity be with you! Distributed computing using Erlang language ...
May the parallelity be with you! Distributed computing using Erlang language ...May the parallelity be with you! Distributed computing using Erlang language ...
May the parallelity be with you! Distributed computing using Erlang language ...
 
Panels как философия - Alexander Danilenko
Panels как философия - Alexander DanilenkoPanels как философия - Alexander Danilenko
Panels как философия - Alexander Danilenko
 
DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...
 
Twig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychevTwig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychev
 
Презентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury GlushkovПрезентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury Glushkov
 
Drupal and Outer space - Martin Mayer
Drupal and Outer space - Martin MayerDrupal and Outer space - Martin Mayer
Drupal and Outer space - Martin Mayer
 
Boost your theming skills - Artem Shymko
Boost your theming skills - Artem ShymkoBoost your theming skills - Artem Shymko
Boost your theming skills - Artem Shymko
 
Continious integration - Иван Лещёв
Continious integration - Иван ЛещёвContinious integration - Иван Лещёв
Continious integration - Иван Лещёв
 
Rules - Yaroslav Doroshuk
Rules - Yaroslav DoroshukRules - Yaroslav Doroshuk
Rules - Yaroslav Doroshuk
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Code Review Looking for a vulnerable code. Vlad Savitsky.

Editor's Notes

  1. Highly Critical - Remotely exploitable vulnerabilities that can compromise the system. Interaction is not normally required for this exploit to be successful. Exploits have occurred to systems. Previous examples include: Local file inclusion on Windows, Impersonation, privilege escalation Critical - Remotely exploitable Denial of Service (DOS) vulnerabilities that can compromise the system but do require user interaction. Vulnerabilities that may allow anonymous users (i.e. users not registered at the site) to log in as a site user or take administrative actions. Interaction (such as an administrator viewing a particular page) may be required for this exploit to be successful, or in cases where interaction is not required (such as CSRF) the exploit causes only minor damage. Previous examples include: OpenID impersonation, SQL injection Moderately Critical (3 of 5): Remotely exploitable vulnerabilities that can compromise the system. Interaction (such as an administrator viewing a particular page) is required for this exploit to be successful. Exploits have not yet occurred on systems when vulnerability was disclosed. The exploit requires the user to be registered at the site and have some non-default permission, such as creating content. Previous examples include: Cross Site Scripting, Access bypass Less Critical (2 of 5): Used for cross-site request forgery vulnerabilities as well as privilege escalation vulnerabilities which require complex chains of events. This rating also includes vulnerabilities which might expose sensitive data to local users. Previous examples include: Session fixation, Cross site request forgery Not Critical (1 of 5): Rating is used for limited privilege escalation vulnerabilities and locally Denial of Service (DOS) vulnerabilities. Previous examples include: Access bypass