Name: Vulnerability Hunting With Static Analysis
Start: 2024-01-11T16:30:00+01:00
End: 2024-01-11T17:30:00+01:00

Static application security testing (SAST) tooling is commonly used in CI pipelines to catch security issues early. However, I see it used much less often to manually hunt for vulnerabilities. Let's say you found a vulnerable pattern in a million line code base and need to verify that there are no other cases, what do you do? In this talk I will try to convince you that if your answer is grep, then you are missing out. We will talk about SAST tooling, custom rules, custom tools and more.

Bostjan SPH

Mitja Trampuž

OWASP® Foundation

OWASP Ljubljana Chapter

OWASP® Foundation 

Technology

Web Security

Network Security

OWASP

Information Security

Application Security

Software Security

Computer Security

Web Application Security

Cybersecurity

Ethical Hacking

Penetration Testing

Cryptography

Encryption

Threat Analysis

Hacking

David Petek is an application security engineer with experience in writing security tooling, penetration testing and security research. He has 5+ years security experience in the fintech industry and 10+ years programming experience. He is active in the information security community and is one of the cofounders of the Slovenian Certified Ethical Hackers (SICEH) foundation.

David Petek

Vulnerability Hunting With Static Analysis

Online event

Share

OWASP Ljubljana Chapter

Vulnerability Hunting With Static Analysis

OWASP Ljubljana Chapter

Details

Members are also interested in