   W.H.
   Part 1: posting what I have done so far, for now.

http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=16


When did the translation date get changed to the 10th;;

The translation is still in progress; the content below is the script.

The parts in parentheses are ones I wrote down but am not sure about, and *** marks parts I could not make out.

Also, since I have not interpreted it yet, wherever the speech runs on I have kept it as one sentence for now.

...

For the pass couple of years have been doing a code review for methodology a lot of large really code base.
For several years I have been reviewing code bases with a very large number of lines.

And initially when I started doing code review it was pretty difficult trying (figure) all their everything by has 600,000 lines of code.
And when I first started doing code review, (analyzing) 600,000 lines of code was quite hard.

I have to review that code, trying find "dipikseu" (it's about patching..) and it's really difficult for anyone person are single team *** and review code without communicating and following tool every single step.
I tried to find the "dipikseu" in that 600,000-line code, but reviewing it by single-stepping (executing the code one line at a time) without the community's help was really hard to do alone.

So, pass two years (are so it) ah... with help of few friends of mine with a they stop it used to work for became up with some part of methodology .
After two years, together with friends who helped, I would come up with a few methods.

Little on... last year, I think a microsoft started pushing threat analysis (go a bit) I look into that (in a like) there ideas as well, so I try come up with someone different technical previewing large sour code bases.
Last year, I thought Microsoft (hereafter MS) had started supporting threat analysis. I looked into MS and that threat analysis concept. So I looked for a different technique for (reviewing) large amounts of code.

And today I'm going to try focus this *** on that particular topic.
And today I am going to focus on this (threat analysis).

Basically how do go about reviewing large code basis doing source code review and doing focus source code review to get most effective result.


Defense in depth today


We have firewalls, this is a big picture I guess, we have Firewalls, we have DMZ, Host Assessment We have difficult Hardened Builds, Vulnerability Scanning but now this Code Review is becoming more and more popular a lot of company want to do not just common do ****** test it there product company but black box testing but also look at code review.


How do we go going do that code review.


So this is the six point methodology started with Threat Model will talk about Threat Modeling basically trying to get (data flood *******) of entire application and trying to figure out all the major entry point are all the major *** someone else going to access something and trying to see if there *** could be trace I particularly point like for web application if like google the biggest *** search  the search fill it self *** properly they would be no problems are something among those line so we will talk about every single major entry point what are they different technique (we can) *** doing that.


Second step *** Cursory Code Review.


The reason for that is that every single person in world in doing a code review should understand how *** (indial) application is written have common (please) where you have *** (store) have common please where you have *** common note (store) so that when initially your reviewing it you are understanding the (mind set of) programmer.


The goldest to think like wonder programmer was trying to do all there.


You not going to go to depth you just see what exactly happening from *** ***.


Then you going to separation of code will talk about couple of (meter) (there's) stander (meter) that microsoft come up with and then there's (meter) "empeullopou" application architecture trying to be a value "tudeul" *** (difference) separations how do you give value to it how do you figure out what exactly would give you more benefit focus your (dying) to was.


Then we will talk about maintaining code notes with reviewer name.


This is very important simply because reviewer *** bunch of code and he will understand it he puts notes down review is could also accessing same function he doesn't spend time trying to understand function code again.


So it is good idea to have reviewer note and reviewer names also little (they) what we (end up) doing giving customers just graph that particular name and *** you don't have to maintain multiple note

  Hit : 1739     Date : 2011/05/10 10:09



    
서경재: Wow, you wrote down almost all of it;;; the Indian accent was hard to follow. 2011/05/10
멍멍: Thanks for your hard work~ 2011/05/11