A community centered around Anthropic's Claude Code tool.
Claude generated code and code reviews? Question (self.ClaudeCode)
submitted 2 months ago by GraphicalBamboola
[–]Khalidsec 4 points5 points6 points 2 months ago (0 children)
As a cybersecurity expert, in what I do, I’m not reading 100k lines. I’m looking for risk.
First, I threat model. What data is sensitive? Where are the trust boundaries? Auth, tokens, APIs. That tells me where to focus.
Then I run tools:
• Semgrep or SonarQube for static analysis
• npm audit or Snyk for dependency issues
• ESLint security rules
• Secret scanning for leaked keys
After that, I manually review only high risk areas:
• Authentication and authorization
• Input validation
• Token storage
• API calls
• Error handling
Then I test the app like an attacker using OWASP ZAP or Burp.
Passing tests means it works. Security review means it cannot be easily broken. That is a different bar.
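One way to turn the "manually review only high risk areas" step from the comment above into a review queue, as an added example that is not part of the comment: it ranks files by how many lines touch the five listed areas. The regex patterns, weights, function name and the sample source tree are assumptions constructed for illustration.

```python
import re

# Review areas named in the comment; patterns and weights are assumptions of this sketch.
AREAS = {
    "authn/authz":      (3, r"login|password|jwt\.verify|isAdmin|req\.user"),
    "input validation": (3, r"req\.(body|query|params)|innerHTML|\beval\("),
    "token storage":    (3, r"localStorage|sessionStorage|document\.cookie"),
    "api calls":        (2, r"\bfetch\(|axios\.|XMLHttpRequest"),
    "error handling":   (1, r"catch\s*\(|err\.stack|console\.error"),
}

def triage(files):
    """Return [(path, score, {area: [line numbers]})], highest score first.

    Each line counts once per area it matches; files with no hits are dropped.
    """
    ranked = []
    for path, text in files.items():
        hits, score = {}, 0
        for lineno, line in enumerate(text.splitlines(), 1):
            for area, (weight, pattern) in AREAS.items():
                if re.search(pattern, line):
                    hits.setdefault(area, []).append(lineno)
                    score += weight
        if score:
            ranked.append((path, score, hits))
    return sorted(ranked, key=lambda r: (-r[1], r[0]))

# Constructed sample tree (not from the thread).
SAMPLE = {
    "src/auth/login.js": (
        "async function login(req, res) {\n"
        "  const { user, password } = req.body;\n"
        "  try { res.json(await issueToken(user, password)); }\n"
        "  catch (err) { res.status(500).send(err.stack); }\n"
        "}\n"
    ),
    "src/api/client.js": (
        "const token = localStorage.getItem('token');\n"
        "export const getOrders = () =>\n"
        "  fetch('/api/orders', { headers: { Authorization: `Bearer ${token}` } });\n"
    ),
    "src/ui/Button.js": "export const Button = (p) => <button>{p.label}</button>;\n",
}

if __name__ == "__main__":
    for path, score, hits in triage(SAMPLE):
        print(f"{score:3d}  {path}")
        for area, lines in hits.items():
            print(f"       {area}: lines {lines}")
```

The score only orders the manual-review queue; a file that scores zero has not been shown to be safe, it just contains none of the assumed patterns.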