97, 2/4 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   W.H.
   1¹ø ÆÄÆ® ÀÏ´Ü Áö±Ý±îÁö ÇÑ°Å ¿Ã¸³´Ï´Ù.

http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=16 [º¹»ç]


¾î´À»õ ¹ø¿ª ³¯ÀÚ°¡ 10ÀÏ·Î ¹Ù²ãÁ®ÀÖ´ÂÁö;;

¹ø¿ªÀº ÇÏ°í ÀÖ´ÂÁßÀÌ°í¿ä, ¾Æ·¡ ³»¿ëÀº ½ºÅ©¸³Æ®ÀÔ´Ï´Ù.

°¡·Î ÃÄÁø ºÎºÐÀº Àû±ä ÇßÀ¸³ª È®½ÇÄ¡ ¾ÊÀº ºÎºÐÀ̸ç ***Àº ¸ð¸£´Â ºÎºÐÀÔ´Ï´Ù.

±×¸®°í Çؼ®À» ÇÏÁö ¾Ê¾Æ¼­ ÀÏ´Ü ¸»ÀÌ À̾îÁö¸é ÇÑ ¹®ÀåÀ¸·Î ÇÏ¿´½À´Ï´Ù.

...

For the pass couple of years have been doing a code review for methodologya lot of large reallycode base.
¸î ³â µ¿¾È ¾ÆÁÖ ¸¹Àº ¶óÀÎÀ» °¡Áö°í ÀÖ´Â ÄÚµåµéÀ» °ËÅä ÇØ¿Ô½À´Ï´Ù.

And initially when I started doing code review it was pretty difficult trying (figure) all their everything by has 600,000 lines of code.
±×¸®°í Á¦°¡ óÀ½À¸·Î ÄÚµå °ËÅ並 Çϱ⠽ÃÀÛÇßÀ» ¶§ 600000 ¸¸ ÁÙÀÇ Äڵ带 (ºÐ¼®) ÇÏ´Â °Ô ²Ï³ª Èûµé¾ú½À´Ï´Ù.

I have to review that code, trying find µðÇȽº(ÆÐÄ¡Çϴ°ǵ¥..) and it's really difficult for anyone person are single team *** and review code without communicating and following tool every single step.
Á¦°¡ ±× 60¸¸ÁÙÂ¥¸® Äڵ忡¼­ µðÇȽº¸¦ ãÀ¸·Á Çߴµ¥ Ä¿¹Â´ÏƼÀÇ µµ¿ò ¾øÀÌ ½Ì±Û ½ºÅÇ(Äڵ带 ÇÑ ÁÙ¾¿ ½ÇÇà) Çϸ鼭 °ËÅäÇÏ´Â °ÍÀº È¥ÀÚ¼­ Çϱ⿡´Â Á¤¸»·Î Èûµç °ÍÀ̾ú½À´Ï´Ù.

So, pass two years (are so it) ah... with help of few friends of mine with a they stop it used to work for became up with some part of methodology .
2³âÀÌ Áö³ª°í µµ¿òÀ» Áִ ģ±¸¿Í ÇÔ²² ¸î °¡Áö ¹æ¹ýµéÀ» ã°ï Çß½À´Ï´Ù.

Little on... last year, I think a microsoft started pushing threat analysis (go a bit) I look into that (in a like) there ideas as well, so I try come up with someone different technical previewing large sour code bases.
ÀÛ³â, Àü ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»ç(;ÀÌÇÏ ¸¶¼Ò)°¡ À§ÇèºÐ¼®¿¡ ´ëÇØ Áö¿øÀ» ½ÃÀÛÇß´Ù°í »ý°¢Çß½À´Ï´Ù. Àú´Â ¸¶¼Ò¿Í ±× À§ÇèºÐ¼® °³³ä¿¡ ´ëÇØ Á¶»çÇÏ¿´½À´Ï´Ù. ±×·¡¼­ Àü ¸¹Àº ·®ÀÇ Äڵ带 (°ËÅä) ÇÏ´Â »ö´Ù¸¥ ±â¼úÀ» ã¾Æº¸¾Ò½À´Ï´Ù.

And today I'm going to try focus this *** on that particular topic.
±×¸®°í Àú´Â ¿À´Ã ÀÌ°Í(À§ÇèºÐ¼®)¿¡ ÃÊÁ¡À» ¸ÂÃß·Á ÇÕ´Ï´Ù.

Basically how do go about reviewing large code basis doing source code review and doing focus source code review to get most effective result.


Defense in depth today


We have firewalls, this is a big picture i guess, we have Firewalls, we have DMZ, Host Assessment We have difficult Hardened Builds, Vulnerability Scanning but now this Code Review is becoming more and more popular a lot of company want to do not just common do ****** test it there product company but black box testing but also look at code review.


How do we go going do that code review.


So this is the six point methodology started with Threat Model will talk about Threat Modeling basically trying to get (data flood *******) of entire application and trying to figure out all the major entry point are all the major *** someone else going to access something and trying to see if there *** could be trace I particularly point like for web application if like google the biggest *** search  the search fill it self *** properly they would be no problems are something among those line so we will talk about every single major entry point what are they different technique (we can) *** doing that.


Second step *** Cursory Code Review.


The reason for that is that every single person in world in doing a code review should understand how *** (indial) application is written have common (please) where you have *** (store) have common please where you have *** common note (store) so that when initially your reviewing it you are understanding the (mind set of) programmer.


The goldest to think like wonder programer was trying to do all there.


You not going to go to depth you just see what exactly happening from *** ***.


Then you going to separation of code will talk about couple of (meter) (there's) stander (meter) that microsoft come up with and then there's (meter) ¿¥Ç÷ÎÆ÷¿ì¡ application architecture trying to be a value Åõµé *** (difference) seperations how do you give value to it how do you figure out what exactly would give you more benefit focus your (dying) to was.


Then we will talk about maintaining code notes with reviewer name.


This is very important simplely because reviewer *** bunch of code and he will understand it he puts notes down review is could also accessing same function he doesn't spend time trying to understand function code again.


so It is good idea to have reviewer note and reviewer names also little (they) what we (end up) doing giving customers just graph that particular name and *** you don't have to maintain multiple note

  Hit : 1744     Date : 2011/05/10 10:09



    
¼­°æÀç ¿ì¿Í, °ÅÀÇ ´Ù ÀûÀ¸¼Ì³×¿ä;;; Àεµ½Ä ¹ßÀ½ ¾î·Æ´øµ¥ 2011/05/10  
¸Û¸Û °í»ýÇϼ̽À´Ï´Ù~ 2011/05/11  
72   12¹ø ÆÄÆ® (ºóÄ­ÀÌ ¸¹¾Æ¿ä)     Prox
08/03 2015
71   ¹ø¿ª part 7 status     babyalpha
08/21 2001
70   ±ÞÇÑ´ë·Î 6¹øÆÄÆ®[1]     bluemario
05/11 1915
69   ÆÄÆ®1 ºÐ·®ÀÔ´Ï´Ù.     ¸Û¸Û
08/02 1894
68   [Á¦ 2ȸ] ¹ø¿ª ÆÄÆ®°¡ Á¤ÇØÁ³½À´Ï´Ù[12]     ¸Û¸Û
07/18 1891
67   µÎ ¹ø° ¹ø¿ª ´ë»ó °ü·Ã..[5]     ¸Û¸Û
06/16 1886
66   3¹ø° ÆÄÆ® ¾Èµé¸®´Â ºÎºÐ »©°í ´ÙÇß½À´Ï´Ù[9]     ahotsuna
05/04 1886
65   [1ȸ] recon - auditing source code ºÐÇÒ ÆÄÀÏÀÔ´Ï´Ù (ÃÑ 9°³)[8]     ¸Û¸Û
05/04 1877
64   À¯Æ©ºê µ¿¿µ»ó ¾÷·Îµå[3]     d4rkang3l
05/16 1854
63   Á¦ 1ȸ ¹ø¿ª ÀÚ¸· ´Þ¾ÆÁÖ½Ç ºÐ ã½À´Ï´Ù~[3]     ¸Û¸Û
05/25 1843
62   ¾ÕÀ¸·Î ¸®½º´×&¹ø¿ªÇϸé ÁÁ°Ú´Ù°í »ý°¢µÇ´Â µ¿¿µ»óµéÀÔ´Ï´Ù.     ¸Û¸Û
05/15 1827
61   ÀÚ¸· - darkangel´Ô °Í°ú lycan´Ô °Í ÅëÇÕ     ¸Û¸Û
06/22 1823
60   À§Å° ÆäÀÌÁö º¯°æ ¹× ¸ðµÎ ¸¸µé¾î ³õ°Ú½À´Ï´Ù. + ¸Û¸Û´Ô Çѹø ºÁÁÖ¼¼¿ä[1]     W.H.
05/13 1795
59   ¸¶Áö¸· ÆÄÆ® ÀÔ´Ï´Ù. ´Ê¾î¼­ Á˼ÛÇÕ´Ï´Ù. ¤¾[1]     k1rha
05/12 1787
58   6¹ø ÆÄÆ® ¾Èµé¸®´Â °Íµé ¸¹ÀÌ ¸øÇ߳׿䠠   ahotsuna
08/02 1785
57   µ¿¿µ»ó ÆÄÀÏÀÔ´Ï´Ù. <- ÀÌ µ¿¿µ»óÀº Á¤ÇØÁø µ¿¿µ»óÀÌ ¾Æ´Ï¿¡¿ä~~[8]     W.H.
05/27 1774
56   [°øÁö] Á¦ 1ȸ ¹ø¿ª ½ºÄÉÁìÀÔ´Ï´Ù. (ÁøÇà»óȲÀ» °¢ÀÚ ´ñ±Û·Î update)[10]     ¸Û¸Û
05/03 1772
55   [Á¦ 2ȸ] À¯Åõºê ¸µÅ©[1]     lycan
07/16 1766
54   À§¿¡ ¸Û¸Û´ÔÀÌ ¿Ã¸®½Å µ¿¿µ»óÀ¸·Î ÀÛ¾÷ÇØÁÖ¼¼¿ä~ (ÀÌ °Ô½Ã¹°X)[21]     W.H.
05/03 1749
53   ºÐÇÒµÈ µ¿¿µ»óÀ» À¯Åõºê¿¡ ¿Ã·ÁÁÖ½Ç ºÐ ã½À´Ï´Ù.[2]     ¸Û¸Û
05/15 1748
52   [1ȸ] ¿ªÇÒ ºÐ´ãÇÕ´Ï´Ù.[1]     ¸Û¸Û
05/03 1748
51   4¹ø ÆÄÆ® ¸®½º´×&¹ø¿ª ³»¿ëÀÔ´Ï´Ù.[1]     ¸Û¸Û
05/09 1747
  1¹ø ÆÄÆ® ÀÏ´Ü Áö±Ý±îÁö ÇÑ°Å ¿Ã¸³´Ï´Ù.[2]     W.H.
05/10 1743
49   ÀÛ¾÷ÇÏ´Ù ¸·È÷½Å ºÐ, ±×¸®°í ÀÛ¾÷ ÇÒ´ç ¸ø¹ÞÀ¸½Å ºÐ ºÁÁÖ¼¼¿ä     ¸Û¸Û
05/06 1742
48   Á¦ 2ȸ ¹ø¿ª ÁøÇà»óȲ ´ñ±Û ¹Ù¶ø´Ï´Ù.[9]     ¸Û¸Û
08/02 1736
[1] 2 [3][4]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org