Enforcing Code & Security Standards with Semgrep
Details
Joint event with OWASP Dorset (https://www.meetup.com/OWASP-Dorset-Chapter/), OWASP Suffolk (https://www.meetup.com/OWASP-Suffolk-Chapter/), and OWASP Reading (https://www.meetup.com/OWASP-Reading-Chapter/)
Agenda:
- OWASP Updates
- Talk: Enforcing Code & Security Standards with Semgrep, with Clint Gibler, Head of Security Research for r2c
- Open discussion
Talk: Enforcing Code & Security Standards with Semgrep
Abstract: In this talk, we’ll present Semgrep (https://semgrep.dev), an open source, lightweight static analysis tool. It's like a code-aware grep, enabling you to easily search for complicated code patterns without writing painful abstract syntax tree (AST) visitors or using heavyweight, expensive, proprietary traditional SAST tools.
Key Semgrep features:
- Fast - scans code in minutes, not hours or days.
- Does not require the source code you’re scanning to be buildable.
- Comes out of the box with over 1,000 open source rules covering the OWASP Top 10 and more.
- Supports languages including Python, Java, Golang, JavaScript, TypeScript, Ruby, and more on the way.
- Autofix - Don't just point out bugs, help developers fix them!
- Most importantly, Semgrep makes it easy to write custom rules, no fancy DSL required. This empowers AppSec engineers and developers to detect and block company-specific security bugs and anti-patterns as well as enforce best practices.
We’ll demo how to easily write custom Semgrep rules tailored to your specific code base, and how to get continuous security coverage in CI in just a few minutes.
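As an added illustration of the kind of custom rule the talk describes (this is an example written for this page, not a rule from the talk or from the Semgrep registry), here is a Semgrep rule that flags Python calls to `yaml.load()` that do not use a safe loader and offers an autofix. The rule id, message and metadata values are chosen for the example.

```yaml
rules:
  - id: python-yaml-load-unsafe-loader   # example rule id, not from the talk
    languages: [python]
    severity: ERROR
    message: >-
      yaml.load() without a safe Loader can instantiate arbitrary Python
      objects from attacker-controlled YAML. Use yaml.safe_load() instead.
    metadata:
      category: security
      cwe: "CWE-502: Deserialization of Untrusted Data"
    patterns:
      # Match the call shapes we care about; $DATA and $LOADER are metavariables
      # that bind to whatever expression appears in that position.
      - pattern-either:
          - pattern: yaml.load($DATA)
          - pattern: yaml.load($DATA, Loader=$LOADER)
          - pattern: yaml.load($DATA, $LOADER)
      # Exclude the explicitly safe loaders so the rule stays low-noise.
      - pattern-not: yaml.load($DATA, Loader=yaml.SafeLoader)
      - pattern-not: yaml.load($DATA, yaml.SafeLoader)
      - pattern-not: yaml.load($DATA, Loader=yaml.CSafeLoader)
    # Autofix: the matched call is rewritten, keeping the original argument.
    fix: yaml.safe_load($DATA)
```

Running `semgrep --config rule.yaml src/` reports each match with the message above; adding `--autofix` applies the `fix:` rewrite in place.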
Bio: Clint Gibler (@clintgibler) is the Head of Security Research for r2c, a startup working on giving security tools directly to developers. Previously, Clint was a Research Director at NCC Group, a global security consulting firm, where he helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and many DevSecCons. Clint holds a Ph.D. in Computer Science from the University of California, Davis. Want to keep up with security research? Check out tl;dr sec, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web. https://tldrsec.com/
Zoom Details:
https://zoom.us/j/99991967393?pwd=Wm9rcmhCTVQzT0dDZGcvQXZhV3RTdz09
Meeting ID: 999 9196 7393
Passcode: 016186
Find your local number: https://zoom.us/u/aQJMDth3P