Source Code Review (Raise Your Bar Beyond Grep)

Source code review (aka Static code review) helps detect software vulnerabilities at a code level. The efficiency and accuracy of such a review are highly dependent on the experience and approach of the reviewer. This course is designed to equip developers and security consultants with the necessary skills to identify security vulnerabilities and potential backdoors at a source code level. Code review can be intimidating, particularly while reviewing an unfamiliar language or framework. Therefore, this course will cover techniques that can enable you to analyse codebase regardless of the programming language, framework and size of the codebase. A vast majority of code reviews are done using tools, and while tools are suitable on some occasions, they are primarily capable of finding those coding mistakes found through searching for known patterns. However, this course will mainly focus on manual code review techniques.