Vulnerability Hunting With Static Analysis

Hosted by Bostjan S. and 2 others
Details

Static application security testing (SAST) tooling is commonly used in CI pipelines to catch security issues early. However, I see it used much less often to manually hunt for vulnerabilities. Let's say you found a vulnerable pattern in a million-line code base and need to verify that there are no other cases. What do you do? In this talk I will try to convince you that if your answer is grep, then you are missing out. We will talk about SAST tooling, custom rules, custom tools and more.

OWASP Ljubljana Chapter