Rudolph Araujo (or Rudy as we call him), from Foundstone, is doing a Web Cast on performing security code reviews: "Using Security Code Reviews to Quickly and Effectively Improve the Security of Your Applications".
In his Web Cast, Rudy will accomplish the following:
- Show you key effective strategies for security code reviews
- Briefly discuss threat modeling and its benefits
- Discuss how security code review and threat modeling are critical yet just part of an overall software security engineering process
One of the most important things Rudy will show you is how to use control flow analysis and data flow analysis to analyze application security. Rudy will also show you how to chunk up your security analysis using security categories such as authentication, authorization, and input/data validation, to perform incremental and iterative analysis.
Rudy has worked closely with our patterns & practices security team over the years, so he's intimately familiar with our approach to security code review and Security Engineering (short-cut: http://msdn.com/SecurityEngineering). In fact, Rudy played a key role during the development of our "How To: Perform a Security Code Review for Managed Code (Baseline Activity)", where you can see Rudy listed as a contributing author.
- Title: Using Security Code Reviews to Quickly and Effectively Improve the Security of Your Applications
- When: May 24th
- Time: 11:00 AM - 12:00 PM (Pacific)
- Event Registration page