Vulnerability Hunting With Static Analysis
Hosted By
Bostjan S. and 2 others

Details
Static application security testing (SAST) tooling is commonly used in CI pipelines to catch security issues early. However, I see it used much less often to manually hunt for vulnerabilities. Let's say you found a vulnerable pattern in a million-line code base and need to verify that there are no other cases. What do you do? In this talk I will try to convince you that if your answer is grep, then you are missing out. We will talk about SAST tooling, custom rules, custom tools and more.

OWASP Ljubljana Chapter
Online event