No? Well, no problem. That’s why code review checklists are so powerful. Because I have been invited to the OWASP DevSlop show, I’ve spent my weekend not only preparing the slides but also preparing a security code review checklist.
In this security code review checklist, I walk you through the most important points such as data and input validation, authentication and authorization, as well as session management and encryption.
Research is very clear on the power of code review checklists. Code reviewers who use a code review checklist outperform code reviewers who don’t. So, I hope this checklist is helpful and valuable to you and that you start boosting your code review effectiveness with it.
If you like, you can also watch the OWASP DevSlop episode where I talk about finding security issues in code reviews.
You can also download my slides below. Ah, and if you are interested in the vulnerable code for the code review example, you can find it here: https://github.com/mgreiler/code-reviews