Articles tagged with "Code Review" (2)


Measuring attack paths in web applications

Recently a customer asked us after our penetration test against their web application, the percentage of possible attack paths we had covered. It was a difficult question to answer because, a) the customer wanted us to focus on SQL injection and XSS (long …


My thoughts on Secure Code Review

In this article I would like to share my thoughts, methodologies and techniques on how I perform secure code review. By secure I mean code review with the purpose of finding unknown vulnerabilities. My focus is generally on web applications, but the ideas …