ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337"
Episode Synopsis
Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from an LLM assistant, and then applies that understanding to a search for developer patterns that lead to common mistakes like mishandling data, not enforcing a control flow, or not defending against unexpected application states. He explains how finding those kinds of more impactful bugs are rewarding for the reviewer and valuable to the code owner. It involves reading a lot of code, but Louis offers tips on how to keep notes, keep an app's context in mind, and keep code secure. Segment Resources: https://pentesterlab.com/live-training/ https://pentesterlab.com/appsecschool https://deepwiki.com https://daniel.haxx.se/blog/2025/05/29/decomplexification/ Show Notes: https://securityweekly.com/asw-337
More episodes of the podcast Security Weekly Podcast Network (Video)
Automating Compliance and Risk with Agentic AI as CISOs (R)Evolve - Trevor Horwitz - BSW #417
15/10/2025
Bikers, Apple, Storm-657, Astaroth, EES, Salesforce, Aaran Leyland, and more... - SWN #520
14/10/2025
New book from Dr. Anand Singh, why CISOs buy, and the latest news - Anand Singh - ESW #428
13/10/2025
Ballistic Hot Dogs, Clayrat, Twonet, Lockbit, Resumes, Discord, Aaran Leyland and... - SWN #519
10/10/2025
IoT Hacks Galore - Kieran Human - PSW #895
09/10/2025
Forrester's Global Cybersecurity Market Forecast Before AI Fully Kicks In - Merritt Maxim - BSW #416
08/10/2025
In God we trust