This extra block takes an additional (3rd) day or half of it.
During the assisted code-review we try to find vulnerabilities in the client’s own code-base. The trainer and the attendees of the course work together to spot security sensitive parts of the client’s source code and evaluate the quality of those codes. Both the trainer and the attendees play an equally important role in this process, the attendees know their own code, they are able to explain how it works, find specific parts easily, while the trainer knows what to look for, and is able to spot wrong patterns.
We do the assisted code-review lab after the main blocks to make sure that the attendees are familiar enough with the relevant security concepts.
There are several advantages of this approach:
It greatly helps the attendees to better understand the concepts they have learnt during the previous modules, since they apply those concepts directly to their own source code / software systems.
It helps the client to develop their own security-quality standards specifically tailored to their own technologies, know-hows, frameworks, etc.
The code-review also works as a partial security-audit of one (or even more) of the client’s software, improving the security quality of the chosen product.
This add-on takes 4-6 hrs.