AI-Powered Security Code Reviews That Actually Work: A Threat-Model-First Methodology

DEV Community·Mohamed AboElKheir·20 days ago

📢 I have some exciting news: I’ve recently started a YouTube channel for “AppSec Untangled”, where I’ll be sharing some of my content in video format. Check out the video version of this story here: https://youtu.be/OC2cTxCGQIM

Security code review is one of the most important activities in an AppSec engineer’s toolkit. But it is also one of the trickiest to do well, because, unlike dynamic testing, where you’re poking at a running application, here you are working directly with the code itself. The naive approaches (e.g. reading the code line by line, or just throwing it at a static scanner) are going to leave a lot on the table.

So in today’s story, we are going to discuss a methodology for performing security code reviews, and then we are going to see how to use AI to follow that same methodology and get better, more consistent results. And we’re going to do a live demo on a real open-source repository and an actual open pull request.…
