How a security engineer uses Sourcegraph (notes from the call with André)
Using Sourcegraph to patch a vulnerability
Takeaways that are applicable outside of Sourcegraph?
Problem: our web application has a lot of endpoints, and the API can be reached through several of them. Some of these routes are more secure than others. We received a vulnerability report where, on one route, a variable could be exposed.
Sourcegraph was helpful: starting from the first function called when the HTTP request comes in, we needed to understand where in the chain of functions the validation should be.
This is a tricky technical decision with lots of pros and cons to weigh, and it is very contextual. Sourcegraph made it easy to see what the chain of functions would be all the way down to the database. It also made it easy to compare with other routes that were secure and see where in the codebase their validation happened, and to base the placement on where it happened in those other routes.
This work is very similar to fixing a bug, except the bug has security consequences. This speaks to any developer.
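As an added illustration (not code from the call, and not Sourcegraph's own code), here is a hypothetical Go call chain of handler -> service -> store of the kind described above. The existing secure route validates the identifier at the service layer; the vulnerable route reaches the store directly, skipping that validation, and serialises a record field that was never meant to leave the service; the fixed route places validation at the same point in the chain as the secure route and builds its response from the same public view. The route names, the `RoleInternal` field, the identifier pattern and the in-memory store are all assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// user is a constructed record. RoleInternal stands for a value that must
// never be returned to an API caller.
type user struct {
	ID           string
	Email        string
	RoleInternal string
}

// store is the bottom of the chain: a constructed stand-in for the database.
var store = map[string]user{
	"alice": {ID: "alice", Email: "alice@example.com", RoleInternal: "admin"},
}

var (
	errInvalidID = errors.New("invalid user id")
	errNotFound  = errors.New("user not found")
	// Hypothetical identifier format accepted by the secure routes.
	idPattern = regexp.MustCompile(`^[a-z0-9]{1,16}$`)
)

// validateID is the check the already-secure routes apply at the service layer.
func validateID(id string) error {
	if !idPattern.MatchString(id) {
		return errInvalidID
	}
	return nil
}

// loadUser is the store layer. It trusts its caller and performs no validation,
// which is why validation has to happen somewhere above it in the chain.
func loadUser(id string) (user, error) {
	u, ok := store[id]
	if !ok {
		return user{}, errNotFound
	}
	return u, nil
}

// PublicProfile is the service function behind the existing secure route:
// validated input, and only the fields meant for API consumers.
func PublicProfile(id string) (map[string]string, error) {
	if err := validateID(id); err != nil {
		return nil, err
	}
	u, err := loadUser(id)
	if err != nil {
		return nil, err
	}
	return map[string]string{"id": u.ID, "email": u.Email}, nil
}

// ExportProfileBefore models the vulnerable route: the handler reaches the
// store directly, bypassing the service-layer validation, and copies the
// whole record into the response, so RoleInternal is exposed.
func ExportProfileBefore(id string) (map[string]string, error) {
	u, err := loadUser(id)
	if err != nil {
		return nil, err
	}
	return map[string]string{"id": u.ID, "email": u.Email, "role": u.RoleInternal}, nil
}

// ExportProfileAfter is the fix: go through the same service function as the
// secure route, so validation happens at the same point in the chain and the
// response is built from the public view rather than the raw record.
func ExportProfileAfter(id string) (map[string]string, error) {
	p, err := PublicProfile(id)
	if err != nil {
		return nil, err
	}
	p["export"] = "v1"
	return p, nil
}

// handler is the top of the chain, where the HTTP request comes in. It maps
// chain errors to status codes and encodes whatever the chain returns.
func handler(fn func(string) (map[string]string, error)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		out, err := fn(r.URL.Query().Get("id"))
		switch {
		case errors.Is(err, errInvalidID):
			http.Error(w, err.Error(), http.StatusBadRequest)
		case errors.Is(err, errNotFound):
			http.Error(w, err.Error(), http.StatusNotFound)
		case err != nil:
			http.Error(w, "internal error", http.StatusInternalServerError)
		default:
			w.Header().Set("Content-Type", "application/json")
			_ = json.NewEncoder(w).Encode(out)
		}
	}
}

func main() {
	routes := []struct {
		name string
		fn   func(string) (map[string]string, error)
	}{{"before", ExportProfileBefore}, {"after", ExportProfileAfter}}
	for _, rt := range routes {
		for _, id := range []string{"alice", "../etc/passwd"} {
			rec := httptest.NewRecorder()
			handler(rt.fn).ServeHTTP(rec, httptest.NewRequest("GET", "/export?id="+id, nil))
			fmt.Printf("%-6s id=%q -> %d %s", rt.name, id, rec.Code, rec.Body.String())
		}
	}
}
```

Running `main` shows the difference at the HTTP boundary: the "before" route answers 200 with the internal role included and turns a malformed identifier into a 404 from the store, while the "after" route omits the role and rejects the malformed identifier with 400 before the store is ever reached, which is the same behaviour the secure route already had.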
@andreeleute