97, 4/4 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   W.H.
   1¹ø ÆÄÆ® ÀÏ´Ü Áö±Ý±îÁö ÇÑ°Å ¿Ã¸³´Ï´Ù.

http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=16 [º¹»ç]


¾î´À»õ ¹ø¿ª ³¯ÀÚ°¡ 10ÀÏ·Î ¹Ù²ãÁ®ÀÖ´ÂÁö;;

¹ø¿ªÀº ÇÏ°í ÀÖ´ÂÁßÀÌ°í¿ä, ¾Æ·¡ ³»¿ëÀº ½ºÅ©¸³Æ®ÀÔ´Ï´Ù.

°¡·Î ÃÄÁø ºÎºÐÀº Àû±ä ÇßÀ¸³ª È®½ÇÄ¡ ¾ÊÀº ºÎºÐÀ̸ç ***Àº ¸ð¸£´Â ºÎºÐÀÔ´Ï´Ù.

±×¸®°í Çؼ®À» ÇÏÁö ¾Ê¾Æ¼­ ÀÏ´Ü ¸»ÀÌ À̾îÁö¸é ÇÑ ¹®ÀåÀ¸·Î ÇÏ¿´½À´Ï´Ù.

...

For the pass couple of years have been doing a code review for methodologya lot of large reallycode base.
¸î ³â µ¿¾È ¾ÆÁÖ ¸¹Àº ¶óÀÎÀ» °¡Áö°í ÀÖ´Â ÄÚµåµéÀ» °ËÅä ÇØ¿Ô½À´Ï´Ù.

And initially when I started doing code review it was pretty difficult trying (figure) all their everything by has 600,000 lines of code.
±×¸®°í Á¦°¡ óÀ½À¸·Î ÄÚµå °ËÅ並 Çϱ⠽ÃÀÛÇßÀ» ¶§ 600000 ¸¸ ÁÙÀÇ Äڵ带 (ºÐ¼®) ÇÏ´Â °Ô ²Ï³ª Èûµé¾ú½À´Ï´Ù.

I have to review that code, trying find µðÇȽº(ÆÐÄ¡Çϴ°ǵ¥..) and it's really difficult for anyone person are single team *** and review code without communicating and following tool every single step.
Á¦°¡ ±× 60¸¸ÁÙÂ¥¸® Äڵ忡¼­ µðÇȽº¸¦ ãÀ¸·Á Çߴµ¥ Ä¿¹Â´ÏƼÀÇ µµ¿ò ¾øÀÌ ½Ì±Û ½ºÅÇ(Äڵ带 ÇÑ ÁÙ¾¿ ½ÇÇà) Çϸ鼭 °ËÅäÇÏ´Â °ÍÀº È¥ÀÚ¼­ Çϱ⿡´Â Á¤¸»·Î Èûµç °ÍÀ̾ú½À´Ï´Ù.

So, pass two years (are so it) ah... with help of few friends of mine with a they stop it used to work for became up with some part of methodology .
2³âÀÌ Áö³ª°í µµ¿òÀ» Áִ ģ±¸¿Í ÇÔ²² ¸î °¡Áö ¹æ¹ýµéÀ» ã°ï Çß½À´Ï´Ù.

Little on... last year, I think a microsoft started pushing threat analysis (go a bit) I look into that (in a like) there ideas as well, so I try come up with someone different technical previewing large sour code bases.
ÀÛ³â, Àü ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»ç(;ÀÌÇÏ ¸¶¼Ò)°¡ À§ÇèºÐ¼®¿¡ ´ëÇØ Áö¿øÀ» ½ÃÀÛÇß´Ù°í »ý°¢Çß½À´Ï´Ù. Àú´Â ¸¶¼Ò¿Í ±× À§ÇèºÐ¼® °³³ä¿¡ ´ëÇØ Á¶»çÇÏ¿´½À´Ï´Ù. ±×·¡¼­ Àü ¸¹Àº ·®ÀÇ Äڵ带 (°ËÅä) ÇÏ´Â »ö´Ù¸¥ ±â¼úÀ» ã¾Æº¸¾Ò½À´Ï´Ù.

And today I'm going to try focus this *** on that particular topic.
±×¸®°í Àú´Â ¿À´Ã ÀÌ°Í(À§ÇèºÐ¼®)¿¡ ÃÊÁ¡À» ¸ÂÃß·Á ÇÕ´Ï´Ù.

Basically how do go about reviewing large code basis doing source code review and doing focus source code review to get most effective result.


Defense in depth today


We have firewalls, this is a big picture i guess, we have Firewalls, we have DMZ, Host Assessment We have difficult Hardened Builds, Vulnerability Scanning but now this Code Review is becoming more and more popular a lot of company want to do not just common do ****** test it there product company but black box testing but also look at code review.


How do we go going do that code review.


So this is the six point methodology started with Threat Model will talk about Threat Modeling basically trying to get (data flood *******) of entire application and trying to figure out all the major entry point are all the major *** someone else going to access something and trying to see if there *** could be trace I particularly point like for web application if like google the biggest *** search  the search fill it self *** properly they would be no problems are something among those line so we will talk about every single major entry point what are they different technique (we can) *** doing that.


Second step *** Cursory Code Review.


The reason for that is that every single person in world in doing a code review should understand how *** (indial) application is written have common (please) where you have *** (store) have common please where you have *** common note (store) so that when initially your reviewing it you are understanding the (mind set of) programmer.


The goldest to think like wonder programer was trying to do all there.


You not going to go to depth you just see what exactly happening from *** ***.


Then you going to separation of code will talk about couple of (meter) (there's) stander (meter) that microsoft come up with and then there's (meter) ¿¥Ç÷ÎÆ÷¿ì¡ application architecture trying to be a value Åõµé *** (difference) seperations how do you give value to it how do you figure out what exactly would give you more benefit focus your (dying) to was.


Then we will talk about maintaining code notes with reviewer name.


This is very important simplely because reviewer *** bunch of code and he will understand it he puts notes down review is could also accessing same function he doesn't spend time trying to understand function code again.


so It is good idea to have reviewer note and reviewer names also little (they) what we (end up) doing giving customers just graph that particular name and *** you don't have to maintain multiple note
  Hit : 1747     Date : 2011/05/10 10:09


    
¼­°æÀç ¿ì¿Í, °ÅÀÇ ´Ù ÀûÀ¸¼Ì³×¿ä;;; Àεµ½Ä ¹ßÀ½ ¾î·Æ´øµ¥ 2011/05/10  
¸Û¸Û °í»ýÇϼ̽À´Ï´Ù~ 2011/05/11  
22   ÀÚ¸·[1]     d4rkang3l
 06/21 1468
21   Àú±â Á˼ÛÇѵ¥,,[1]     bluemario
 05/12 1668
20   ÀúÀÚ¸·ÀÌ¿ä(¹Ì¿Ï¼º)[1]     d4rkang3l
 06/09 1502
19   Àú Æ÷±â..Çؾ߰ڳ׿©     d4rkang3l
 08/07 2661
18   À̹ø ÀÛ¾÷(nish_bhalla_auditing_source_code) ¿øº» ÆÄÀÏÀÌ¿ä.     W.H.
 05/03 1729
17   9¹øÆÄÆ® dictationÀÔ´Ï´Ù[13]     neb91
 08/26 2310
16   8¹ø ÆÄÆ®ÀÔ´Ï´Ù[1]     Prox
 05/11 1646
15   7¹ø, 9¹ø, 10¹ø, 11¹ø ÆÄÆ® ¸Ã¾ÆÁÖ½Ç ºÐ ¸ð½Ê´Ï´Ù~[9]     ¸Û¸Û
 08/09 2404
14   7¹ø ÆÄÆ® ÂÉ°³ÁÖ½Ç ºÐ ã½À´Ï´Ù.[2]     ¸Û¸Û
 05/11 1623
13   7¹ø ÆÄÀÏ[4]     ¼­°æÀç
 05/15 1487
12   6¹ø ÆÄÆ® ¾Èµé¸®´Â °Íµé ¸¹ÀÌ ¸øÇ߳׿䠠   ahotsuna
 08/02 1787
11   5¿ù 20ÀÏ Á¤Æà ³»¿ë ¿ä¾àÀÔ´Ï´Ù.[4]     ¸Û¸Û
 05/21 1598
10   5¿ù 16~20ÀÏ °£ÀÇ ¹ø¿ª ½ºÄÉÁìÀÔ´Ï´Ù.     ¸Û¸Û
 05/16 1504
9   5¹ø ÆÄÀÏ[1]     ¼­°æÀç
 05/10 1645
8   4¹ø ÆÄÆ® ¹ø¿ª ¿Ã¸³´Ï´Ù.     babyalpha
 08/01 1658
7   4¹ø ÆÄÆ® ¸®½º´×&¹ø¿ª ³»¿ëÀÔ´Ï´Ù.[1]     ¸Û¸Û
 05/09 1750
6   3¹ø° ÆÄÆ® ¾Èµé¸®´Â ºÎºÐ »©°í ´ÙÇß½À´Ï´Ù[9]     ahotsuna
 05/04 1887
5   2¹ø ÆÄÆ® ¸®½º´×&¹ø¿ªÀÔ´Ï´Ù.[2]     stardung86
 05/09 1673
  1¹ø ÆÄÆ® ÀÏ´Ü Áö±Ý±îÁö ÇÑ°Å ¿Ã¸³´Ï´Ù.[2]     W.H.
 05/10 1746
3   13¹ø ÆÄÆ® ¹ø¿ªÀÔ´Ï´Ù.     20500
 08/01 1590
2   12¹ø ÆÄÆ® (ºóÄ­ÀÌ ¸¹¾Æ¿ä)     Prox
 08/03 2016
1   11ÀÏ ¼ö¿äÀÏ ³· 12½Ã¿¡ 1Â÷ Á¤¸®¸¦ ÇÏ°Ú½À´Ï´Ù.[1]     ¸Û¸Û
 05/11 1587
[1][2][3] 4

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org