Code Auditor Tactics – Siddharth Sharma

Source code review is an important part of security. Proactively looking for security vulnerabilities before shipping the software is a great way to mitigate the risks. However, source code review can be done before the code is shipped or after it is compiled and shipped as a binary. In this talk, I will share some tactics and tools that I use to perform code review and explain different types of vulnerabilities in the code caused by things like buffer overflows, heap overflows, data types, arithmetic calculations, etc. Some parts of this talk will include live demos and depending on the time frame, live pentests may also be performed.

– Introduction
– Why we need to perform source code audits
– Determination of the scope of the audit

– Software Auditing Tactics [ C/C++ ]
– Attack plan with limited time frame
– Where to attack
– How to attack
– Which tools to use
– Understanding the impact of vulnerability

This talk focuses only on testing software written in C/C++. However, you can take parts of this talk and implement them in your own working environment.

Presentation: http://bit.ly/1R05fJP
