Secure Code Reviews

Published in CSI Conference, San Diego, USA, 2006

This presentation covers secure code reviews: their purpose, their importance, the methodologies used to perform them, the coding errors most often found, and further resources. Secure code reviews are a critical process for identifying and addressing vulnerabilities in code, for verifying adherence to security best practices and regulatory requirements, and for confirming that robust security controls are actually implemented. The presentation emphasizes integrating secure code reviews into the software development lifecycle (SDLC) and aligning them with threat modeling. The methodology prioritizes code review effort according to the threats identified, categorizes the vulnerabilities found, and delivers actionable recommendations for remediation. Key coding mistakes discussed include insecure configurations, inadequate data protection, flawed authentication mechanisms, and authorization gaps. The session provides practical insights and resources for improving the effectiveness of secure code reviews and fostering a more secure development process.
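The abstract lists authorization gaps among the most common coding mistakes a review should catch. The following is an added illustration, not code from the presentation: a handler that only checks authentication (the gap) beside a hardened version that also enforces ownership, plus a small check a reviewer can run to confirm whether cross-user access is possible. The account store, user names and handler names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional


class Forbidden(Exception):
    """Raised when a request is rejected by an access-control check."""


@dataclass
class Account:
    owner: str
    balance: int


# Constructed in-memory data store standing in for a database.
ACCOUNTS = {
    "acct-1": Account(owner="alice", balance=100),
    "acct-2": Account(owner="bob", balance=50),
}


def get_account_vulnerable(session_user: Optional[str], account_id: str) -> Account:
    """The authorization gap: authentication is verified, but nothing ties the
    requested account to the caller, so any logged-in user can read any account."""
    if session_user is None:
        raise Forbidden("not authenticated")
    return ACCOUNTS[account_id]


def get_account_hardened(session_user: Optional[str], account_id: str) -> Account:
    """Hardened version: authenticate, then authorize against the resource owner.
    Unknown ids and foreign accounts get the same response, so the check does not
    reveal which account ids exist (deny by default)."""
    if session_user is None:
        raise Forbidden("not authenticated")
    account = ACCOUNTS.get(account_id)
    if account is None or account.owner != session_user:
        raise Forbidden("not authorized")
    return account


def cross_user_read_allowed(handler: Callable[[Optional[str], str], Account]) -> bool:
    """Reviewer's check: does an authenticated user (alice) get another user's
    (bob's) account back? True means the handler has an authorization gap."""
    try:
        handler("alice", "acct-2")
        return True
    except (Forbidden, KeyError):
        return False


def unauthenticated_read_allowed(handler: Callable[[Optional[str], str], Account]) -> bool:
    """Reviewer's check for the authentication control: True means an anonymous
    caller can read an account."""
    try:
        handler(None, "acct-1")
        return True
    except (Forbidden, KeyError):
        return False


if __name__ == "__main__":
    for name, handler in (("vulnerable", get_account_vulnerable),
                          ("hardened", get_account_hardened)):
        print(f"{name}: cross-user read allowed = {cross_user_read_allowed(handler)}, "
              f"unauthenticated read allowed = {unauthenticated_read_allowed(handler)}")
```

The two checks map directly onto finding categories from the abstract (flawed authentication, authorization gap), and the hardened handler is the kind of remediation a review report should recommend: an explicit owner comparison at the point of data access rather than an assumption that a valid session implies permission.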

Recommended citation: Marco Morana (2008). "Presentation at CSI Conference, San Diego, USA"