Secure Code

Git

<version control />

distributed version control system primarily used for tracking changes in source code during software development.

Created by Linus Torvalds in 2005

What is...

Git.... ?

The concept: a stream of snapshots

What is...

the difference from others...?

Git basically takes a picture of what all your files look like at that moment and stores a reference to that snapshot. To be efficient, if files have not changed, Git doesn’t store the file again, just a link to the previous identical file it has already stored.
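The snapshot behaviour described above, as an added example that is not part of the original slides. It assumes a flat directory and Git's SHA-1 object format; `snapshot`, `demo` and the in-memory `store` are hypothetical names used for illustration.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """Git object ID: SHA-1 over '<kind> <size>' + NUL + body."""
    header = f"{kind} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def snapshot(files: dict, store: dict) -> str:
    """Store one flat snapshot (a tree of blobs) and return the tree ID.

    Simplification: no sub-directories, every file has mode 100644.
    """
    entries = b""
    for name in sorted(files):
        blob_id = git_object_id("blob", files[name])
        # Identical content hashes to the same ID, so it is stored only once.
        store.setdefault(blob_id, files[name])
        # Tree entry format: '<mode> <name>' + NUL + 20 raw bytes of the blob ID.
        entries += b"100644 " + name.encode() + b"\x00" + bytes.fromhex(blob_id)
    tree_id = git_object_id("tree", entries)
    store.setdefault(tree_id, entries)
    return tree_id

def demo():
    """Take two snapshots where only app.py changes (constructed sample data)."""
    store = {}
    v1 = {"README.md": b"hello\n", "app.py": b"print('v1')\n"}
    v2 = {"README.md": b"hello\n", "app.py": b"print('v2')\n"}
    tree1 = snapshot(v1, store)
    objects_after_first = len(store)   # 2 blobs + 1 tree
    tree2 = snapshot(v2, store)
    objects_after_second = len(store)  # + 1 changed blob + 1 new tree
    return tree1, tree2, objects_after_first, objects_after_second

if __name__ == "__main__":
    t1, t2, n1, n2 = demo()
    print("tree 1:", t1)
    print("tree 2:", t2)
    print("objects stored:", n1, "->", n2)
```

Because every ID is a hash of the content it names, changing one byte of a file changes its blob ID, the tree ID, and in real Git the commit SHA as well, which is what makes history tampering detectable.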

commit SHA : 67b70ef8c1929ec2214a8d92506fd3fc6d98ac1b

How does that work...

git flows

committed SHA : 67b70ef8c1929ec2214a8d92506fd3fc6d98ac1b

some changes

modified files

staged files

committed

The committed SHA is the reference for a small set of changes, which becomes a new snapshot.

Reproduce...

standard versioning

development

staging / pre-prod / (uat/sit) / testing

production / stable / Release / LTS

Q-A/C

<Quality Assurance or Control />

QA aims to prevent defects from occurring by focusing on improving processes and systems.
QC focuses on ensuring the final product or system meets quality standards and user expectations.

What is...

Quality Assurance/Control.... ?

SonarQube

STest

<Stress Testing />

a method used to assess the performance and stability of a system or application under extreme conditions or workloads.

What is...

Stress Testing.... ?

Pros:
- Identifies System Limits
- Reveals Bottlenecks
- Prepares for Peak Usage

Cons:
- May Cause Downtime
- Resource Intensive (high resource load)

The Pros and Cons

Stress Testing....

- k6
- Stress-ng
- Loader.io

Tools

Stress Testing....

Pentest

<Penetration Testing />

A simulated cyberattack against a system to evaluate its security. The goal is to identify and exploit vulnerabilities before malicious attackers can do so.

What is...

Penetration Testing.... ?

- Identify vulnerabilities
- Assess the impact
- Test the effectiveness
- Provide actionable insights

Objective

Penetration Testing.... ?

- SQL Injection
- Cross-Site Scripting (XSS)
- Unvalidated Form Control
- Overly Permissive File Permissions (777)
- Misleading Code Logic

Common Case

Penetration Testing.... ?

Preventions

<Server-Side />

Thank you.

Git

By Abas Kankuu
