SlideShare a Scribd company logo

Code Review Looking for a vulnerable code. Vlad Savitsky.

Download as PPT, PDF
DrupalCampDN
DrupalCampDN
TechnologyBusiness
1 of 26
Code Review Looking for a vulnerable code Vlad Savitsky http://donetsk.drupal.ua
Code Review Looking for a vulnerable code
Twitter: У нас ввели code-review. – А это как? – Ну как, сидишь, читаешь код, ревёшь... http://twitter.com/#!/dallaylaen/status/129887114576920577
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object]
Why review code? ,[object Object],[object Object],[object Object],[object Object],[object Object]
What you shouldn't review? ,[object Object],[object Object]
When code should be reviewed? ,[object Object],[object Object],[object Object]
When code should be reviews? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Who should do code review? ,[object Object],[object Object]
Code Review or Person Review ,[object Object],[object Object],[object Object]
Golden Rule of Code Review ,[object Object],[object Object],[object Object]
 
Goal of Code Review Perfect code made by not perfect developers.
How to find a vulnerability?
 
Find XSS ,[object Object],[object Object],[object Object],[object Object]
 
SQL injection ,[object Object],[object Object],[object Object],[object Object],[object Object]
Bad smelling code ,[object Object],[object Object]
Drupal Security Team
Goals of the security team ,[object Object],[object Object],[object Object],[object Object]
How to report a security issue ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How the security team works with issues ,[object Object],[object Object],[object Object],[object Object],[object Object]
Issues with contributed modules ,[object Object],[object Object],[object Object]
Happy Code Review!!!
Questions? ,[object Object],[object Object],[object Object]

Recommended

Code Review
Code ReviewCode Review
Code ReviewR M Shahidul Islam Shahed
 
Code Review
Code ReviewCode Review
Code ReviewDivante
 
Code review
Code reviewCode review
Code reviewAbhishek Sur
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and WhenPaul Gower
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessDr. Syed Hassan Amin
 
TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?Dmitriy Nesteryuk
 
Quest for the ultimate autotest coverage
Quest for the ultimate autotest coverageQuest for the ultimate autotest coverage
Quest for the ultimate autotest coverageAlexander Pushkarev
 

Recommended

Code Review
Code ReviewCode Review
Code ReviewR M Shahidul Islam Shahed
 
Code Review
Code ReviewCode Review
Code ReviewDivante
 
Code review
Code reviewCode review
Code reviewAbhishek Sur
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and WhenPaul Gower
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessDr. Syed Hassan Amin
 
TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?TDD — Are you sure you properly test code?
TDD — Are you sure you properly test code?Dmitriy Nesteryuk
 
Quest for the ultimate autotest coverage
Quest for the ultimate autotest coverageQuest for the ultimate autotest coverage
Quest for the ultimate autotest coverageAlexander Pushkarev
 
Code Review
Code ReviewCode Review
Code Reviewrantav
 
Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and WhenPaul Gower
 
Code review in practice
Code review in practiceCode review in practice
Code review in practiceEdorian
 
Should you be your own judge?
Should you be your own judge?Should you be your own judge?
Should you be your own judge?Achyut Pokhrel
 
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Søren Lund
 
Agile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practiceAgile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practicedenis Udod
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit TestingSøren Lund
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality ToolsOrest Ivasiv
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisMikalai Alimenkou
 
Testing on frontend
Testing on frontendTesting on frontend
Testing on frontendAfif Alfiano
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016Søren Lund
 
Best Practices of Software Development
Best Practices of Software DevelopmentBest Practices of Software Development
Best Practices of Software DevelopmentFolio3 Software
 
Helping Programmers Write Better Tests
Helping Programmers Write Better TestsHelping Programmers Write Better Tests
Helping Programmers Write Better TestsGeoffrey Dunn
 
PHPUnit from a developer's perspective
PHPUnit from a developer's perspectivePHPUnit from a developer's perspective
PHPUnit from a developer's perspectiveTushar Joshi
 
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QAFest
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality ToolsСергей Гоменюк
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra
 
Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"Fwdays
 
Code Review
Code ReviewCode Review
Code ReviewRavi Raj
 
Unit iv
Unit ivUnit iv
Unit ivSangeetha Rangarajan
 
The Professional Programmer
The Professional ProgrammerThe Professional Programmer
The Professional ProgrammerDave Cross
 

More Related Content

What's hot

Code Review
Code ReviewCode Review
Code Reviewrantav
 
Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and WhenPaul Gower
 
Code review in practice
Code review in practiceCode review in practice
Code review in practiceEdorian
 
Should you be your own judge?
Should you be your own judge?Should you be your own judge?
Should you be your own judge?Achyut Pokhrel
 
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Søren Lund
 
Agile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practiceAgile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practicedenis Udod
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit TestingSøren Lund
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality ToolsOrest Ivasiv
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisMikalai Alimenkou
 
Testing on frontend
Testing on frontendTesting on frontend
Testing on frontendAfif Alfiano
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016Søren Lund
 
Best Practices of Software Development
Best Practices of Software DevelopmentBest Practices of Software Development
Best Practices of Software DevelopmentFolio3 Software
 
Helping Programmers Write Better Tests
Helping Programmers Write Better TestsHelping Programmers Write Better Tests
Helping Programmers Write Better TestsGeoffrey Dunn
 
PHPUnit from a developer's perspective
PHPUnit from a developer's perspectivePHPUnit from a developer's perspective
PHPUnit from a developer's perspectiveTushar Joshi
 
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QAFest
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra
 
Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"Fwdays
 

What's hot (19)

Code Review
Code ReviewCode Review
Code Review
 
Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best Practices
 
Code Review: How and When
Code Review: How and WhenCode Review: How and When
Code Review: How and When
 
Code review in practice
Code review in practiceCode review in practice
Code review in practice
 
Should you be your own judge?
Should you be your own judge?Should you be your own judge?
Should you be your own judge?
 
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016
 
Agile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practiceAgile latvia evening_unit_testing_in_practice
Agile latvia evening_unit_testing_in_practice
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit Testing
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysis
 
Testing on frontend
Testing on frontendTesting on frontend
Testing on frontend
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016
 
Best Practices of Software Development
Best Practices of Software DevelopmentBest Practices of Software Development
Best Practices of Software Development
 
Helping Programmers Write Better Tests
Helping Programmers Write Better TestsHelping Programmers Write Better Tests
Helping Programmers Write Better Tests
 
PHPUnit from a developer's perspective
PHPUnit from a developer's perspectivePHPUnit from a developer's perspective
PHPUnit from a developer's perspective
 
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
QA Fest 2018. Ярослав Пернеровский. Test Automation Pyramid, how it ruins you...
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
 
Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"Sergey Pirogov "Test coverage myth busted"
Sergey Pirogov "Test coverage myth busted"
 

Similar to Code Review Looking for a vulnerable code. Vlad Savitsky.

Code Review
Code ReviewCode Review
Code ReviewRavi Raj
 
The Professional Programmer
The Professional ProgrammerThe Professional Programmer
The Professional ProgrammerDave Cross
 
Codingstandards matiar
Codingstandards matiarCodingstandards matiar
Codingstandards matiarMatiar Rahman
 
4.Security Assessment And Testing
4.Security Assessment And Testing4.Security Assessment And Testing
4.Security Assessment And Testingphanleson
 
Software Development Standard Operating Procedure
Software Development Standard Operating Procedure Software Development Standard Operating Procedure
Software Development Standard Operating Procedure rupeshchanchal
 
Software Design
Software DesignSoftware Design
Software DesignSpy Seat
 
Building Scalable Development Environments
Building Scalable Development EnvironmentsBuilding Scalable Development Environments
Building Scalable Development EnvironmentsShahar Evron
 
Introduction to Behavior Driven Development
Introduction to Behavior Driven Development Introduction to Behavior Driven Development
Introduction to Behavior Driven Development Robin O'Brien
 
Code review best practice
Code review best practiceCode review best practice
Code review best practiceOren Digmi
 
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...Abdelkrim Boujraf
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Cas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projectsCas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projectsAgile Spain
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
 
debuggingSession.pptx
debuggingSession.pptxdebuggingSession.pptx
debuggingSession.pptxmarawanwael
 
Cinci ug-january2011-anti-patterns
Cinci ug-january2011-anti-patternsCinci ug-january2011-anti-patterns
Cinci ug-january2011-anti-patternsSteven Smith
 

Similar to Code Review Looking for a vulnerable code. Vlad Savitsky. (20)

Code Review
Code ReviewCode Review
Code Review
 
Unit iv
Unit ivUnit iv
Unit iv
 
The Professional Programmer
The Professional ProgrammerThe Professional Programmer
The Professional Programmer
 
Codingstandards matiar
Codingstandards matiarCodingstandards matiar
Codingstandards matiar
 
Ensuring code quality
Ensuring code qualityEnsuring code quality
Ensuring code quality
 
4.Security Assessment And Testing
4.Security Assessment And Testing4.Security Assessment And Testing
4.Security Assessment And Testing
 
Software Development Standard Operating Procedure
Software Development Standard Operating Procedure Software Development Standard Operating Procedure
Software Development Standard Operating Procedure
 
Software Design
Software DesignSoftware Design
Software Design
 
Building Scalable Development Environments
Building Scalable Development EnvironmentsBuilding Scalable Development Environments
Building Scalable Development Environments
 
Introduction to Behavior Driven Development
Introduction to Behavior Driven Development Introduction to Behavior Driven Development
Introduction to Behavior Driven Development
 
Android develop guideline
Android develop guidelineAndroid develop guideline
Android develop guideline
 
Code review best practice
Code review best practiceCode review best practice
Code review best practice
 
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
Test-Driven Developments are Inefficient; Behavior-Driven Developments are a ...
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Cas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projectsCas2010 is-there-space-for-testers-in-agile-projects
Cas2010 is-there-space-for-testers-in-agile-projects
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
 
TestDrivenDeveloment
TestDrivenDevelomentTestDrivenDeveloment
TestDrivenDeveloment
 
debuggingSession.pptx
debuggingSession.pptxdebuggingSession.pptx
debuggingSession.pptx
 
Cinci ug-january2011-anti-patterns
Cinci ug-january2011-anti-patternsCinci ug-january2011-anti-patterns
Cinci ug-january2011-anti-patterns
 

More from DrupalCampDN

Drupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef DabernigDrupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef DabernigDrupalCampDN
 
Dependency Injection in Drupal 8 - Стадник АндрейQweqwe
Dependency Injection in Drupal 8 - Стадник АндрейQweqweDependency Injection in Drupal 8 - Стадник АндрейQweqwe
Dependency Injection in Drupal 8 - Стадник АндрейQweqweDrupalCampDN
 
Our AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew BoagOur AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew BoagDrupalCampDN
 
Guzzle in Drupal 8 and as a REST client - Артем Мирошник
Guzzle in Drupal 8 and as a REST client - Артем МирошникGuzzle in Drupal 8 and as a REST client - Артем Мирошник
Guzzle in Drupal 8 and as a REST client - Артем МирошникDrupalCampDN
 
Blocks & Layouts in D7 - Josef Dabernig
Blocks & Layouts in D7 - Josef DabernigBlocks & Layouts in D7 - Josef Dabernig
Blocks & Layouts in D7 - Josef DabernigDrupalCampDN
 
CKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
CKEditor в Drupal: тонкая настройка и кастомизация - Osman SeferovCKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
CKEditor в Drupal: тонкая настройка и кастомизация - Osman SeferovDrupalCampDN
 
Drush - use full power - Alexander Schedrov
Drush - use full power - Alexander SchedrovDrush - use full power - Alexander Schedrov
Drush - use full power - Alexander SchedrovDrupalCampDN
 
Это Drupal, %username%! - Андрей Черноус
Это Drupal, %username%! - Андрей ЧерноусЭто Drupal, %username%! - Андрей Черноус
Это Drupal, %username%! - Андрей ЧерноусDrupalCampDN
 
Migrate - new way site upgrade
Migrate - new way site upgradeMigrate - new way site upgrade
Migrate - new way site upgradeDrupalCampDN
 
Caching on highload Drupal site - Alexander Shumenko
Caching on highload Drupal site - Alexander ShumenkoCaching on highload Drupal site - Alexander Shumenko
Caching on highload Drupal site - Alexander ShumenkoDrupalCampDN
 
Rich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим ВалуевRich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим ВалуевDrupalCampDN
 
May the parallelity be with you! Distributed computing using Erlang language ...
May the parallelity be with you! Distributed computing using Erlang language ...May the parallelity be with you! Distributed computing using Erlang language ...
May the parallelity be with you! Distributed computing using Erlang language ...DrupalCampDN
 
Panels как философия - Alexander Danilenko
Panels как философия - Alexander DanilenkoPanels как философия - Alexander Danilenko
Panels как философия - Alexander DanilenkoDrupalCampDN
 
DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...DrupalCampDN
 
Twig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychevTwig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychevDrupalCampDN
 
Презентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury GlushkovПрезентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury GlushkovDrupalCampDN
 
Drupal and Outer space - Martin Mayer
Drupal and Outer space - Martin MayerDrupal and Outer space - Martin Mayer
Drupal and Outer space - Martin MayerDrupalCampDN
 
Boost your theming skills - Artem Shymko
Boost your theming skills - Artem ShymkoBoost your theming skills - Artem Shymko
Boost your theming skills - Artem ShymkoDrupalCampDN
 
Continious integration - Иван Лещёв
Continious integration - Иван ЛещёвContinious integration - Иван Лещёв
Continious integration - Иван ЛещёвDrupalCampDN
 
Rules - Yaroslav Doroshuk
Rules - Yaroslav DoroshukRules - Yaroslav Doroshuk
Rules - Yaroslav DoroshukDrupalCampDN
 

More from DrupalCampDN (20)

Drupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef DabernigDrupal - Changing the Web by Connecting Open Minds - Josef Dabernig
Drupal - Changing the Web by Connecting Open Minds - Josef Dabernig
 
Dependency Injection in Drupal 8 - Стадник АндрейQweqwe
Dependency Injection in Drupal 8 - Стадник АндрейQweqweDependency Injection in Drupal 8 - Стадник АндрейQweqwe
Dependency Injection in Drupal 8 - Стадник АндрейQweqwe
 
Our AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew BoagOur AWS Cloud Journey - Andrew Boag
Our AWS Cloud Journey - Andrew Boag
 
Guzzle in Drupal 8 and as a REST client - Артем Мирошник
Guzzle in Drupal 8 and as a REST client - Артем МирошникGuzzle in Drupal 8 and as a REST client - Артем Мирошник
Guzzle in Drupal 8 and as a REST client - Артем Мирошник
 
Blocks & Layouts in D7 - Josef Dabernig
Blocks & Layouts in D7 - Josef DabernigBlocks & Layouts in D7 - Josef Dabernig
Blocks & Layouts in D7 - Josef Dabernig
 
CKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
CKEditor в Drupal: тонкая настройка и кастомизация - Osman SeferovCKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
CKEditor в Drupal: тонкая настройка и кастомизация - Osman Seferov
 
Drush - use full power - Alexander Schedrov
Drush - use full power - Alexander SchedrovDrush - use full power - Alexander Schedrov
Drush - use full power - Alexander Schedrov
 
Это Drupal, %username%! - Андрей Черноус
Это Drupal, %username%! - Андрей ЧерноусЭто Drupal, %username%! - Андрей Черноус
Это Drupal, %username%! - Андрей Черноус
 
Migrate - new way site upgrade
Migrate - new way site upgradeMigrate - new way site upgrade
Migrate - new way site upgrade
 
Caching on highload Drupal site - Alexander Shumenko
Caching on highload Drupal site - Alexander ShumenkoCaching on highload Drupal site - Alexander Shumenko
Caching on highload Drupal site - Alexander Shumenko
 
Rich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим ВалуевRich Text in Drupal - Вадим Валуев
Rich Text in Drupal - Вадим Валуев
 
May the parallelity be with you! Distributed computing using Erlang language ...
May the parallelity be with you! Distributed computing using Erlang language ...May the parallelity be with you! Distributed computing using Erlang language ...
May the parallelity be with you! Distributed computing using Erlang language ...
 
Panels как философия - Alexander Danilenko
Panels как философия - Alexander DanilenkoPanels как философия - Alexander Danilenko
Panels как философия - Alexander Danilenko
 
DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...DrupalGap. How to create native application for mobile devices based on Drupa...
DrupalGap. How to create native application for mobile devices based on Drupa...
 
Twig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychevTwig internals - Maksym MoskvychevTwig internals maksym moskvychev
Twig internals - Maksym MoskvychevTwig internals maksym moskvychev
 
Презентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury GlushkovПрезентация модуля YandexMoney - Yury Glushkov
Презентация модуля YandexMoney - Yury Glushkov
 
Drupal and Outer space - Martin Mayer
Drupal and Outer space - Martin MayerDrupal and Outer space - Martin Mayer
Drupal and Outer space - Martin Mayer
 
Boost your theming skills - Artem Shymko
Boost your theming skills - Artem ShymkoBoost your theming skills - Artem Shymko
Boost your theming skills - Artem Shymko
 
Continious integration - Иван Лещёв
Continious integration - Иван ЛещёвContinious integration - Иван Лещёв
Continious integration - Иван Лещёв
 
Rules - Yaroslav Doroshuk
Rules - Yaroslav DoroshukRules - Yaroslav Doroshuk
Rules - Yaroslav Doroshuk
 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Code Review Looking for a vulnerable code. Vlad Savitsky.

Editor's Notes

  1. Highly Critical - Remotely exploitable vulnerabilities that can compromise the system. Interaction is not normally required for this exploit to be successful. Exploits have occurred to systems. Previous examples include: Local file inclusion on Windows, Impersonation, privilege escalation Critical - Remotely exploitable Denial of Service (DOS) vulnerabilities that can compromise the system but do require user interaction. Vulnerabilities that may allow anonymous users (i.e. users not registered at the site) to log in as a site user or take administrative actions. Interaction (such as an administrator viewing a particular page) may be required for this exploit to be successful, or in cases where interaction is not required (such as CSRF) the exploit causes only minor damage. Previous examples include: OpenID impersonation, SQL injection Moderately Critical (3 of 5): Remotely exploitable vulnerabilities that can compromise the system. Interaction (such as an administrator viewing a particular page) is required for this exploit to be successful. Exploits have not yet occurred on systems when vulnerability was disclosed. The exploit requires the user to be registered at the site and have some non-default permission, such as creating content. Previous examples include: Cross Site Scripting, Access bypass Less Critical (2 of 5): Used for cross-site request forgery vulnerabilities as well as privilege escalation vulnerabilities which require complex chains of events. This rating also includes vulnerabilities which might expose sensitive data to local users. Previous examples include: Session fixation, Cross site request forgery Not Critical (1 of 5): Rating is used for limited privilege escalation vulnerabilities and locally Denial of Service (DOS) vulnerabilities. Previous examples include: Access bypass