Category Archives: Code review experience

Microsoft Attack Surface Analyzer Command line option

Microsoft Attack Surface Analyzer is a useful tool for analyzing the modifications a product makes to a system. Often we need to automate this, and Microsoft provides command line options for that purpose. Usage: Attack Surface Analyzer.exe [arguments]   /Baseline <file>     …

Posted in Code review experience, SDLC, Windows

C++ code review and STL bugs

Most programs written in C++ use the STL. Most of the time we assume that the STL works correctly, and most of the time it does. But there is a chance that the STL itself has bugs. Here is the list of …

Posted in C/C++, Code review experience, Windows VC++

Things Everyone Should Do: Code Review

A nice blog post about code review. Most of his comments are very true: when you audit a product, the first thing you have to face is criticism. http://scientopia.org/blogs/goodmath/2011/07/06/things-everyone-should-do-code-Oreview/ At Google, no code, for any product, for any project, gets …

Posted in Code review experience

A fresh pair of eyes will tell you exactly what you missed

http://blog.vivekhaldar.com/post/20335710829/code-review-just-do-it It is so true that a “fresh pair of eyes” sees the code from a different perspective. Yes, code review will improve your code quality. Often when we develop a module, we fill the code with many “TODO” …

Posted in Code review experience

SCALMS–Source Code Auditors Log Management System

In my auditing job, I used to face a lot of issues when we worked as a team. The problems we face are: 1) Working on multiple projects/products at a time. 2) When you work as a team, how do you assign an …

Posted in Code review experience, SDLC

C++ Code Audit Diary 1: STL implementation difference

The STL supports value semantics; there is no support for reference semantics in the C++ STL. Even so, a few STL function templates support pass-by-reference, and this support differs between MSVC and GCC. I take an example from the …

Posted in C/C++, Code review experience, SDLC, Windows VC++

Build An AppSec Training Program for Development Teams–Veracode

Recently Veracode arranged a presentation on AppSec training. It is good material to listen to: you can learn many lessons on how to “push” an AppSec training program. A good presentation. Those who work on SDLC process implementation should …

Posted in Code review experience, SDLC