Static Analysis Security Testing for Dummies and You
Offered By: LASCON via YouTube
Course Description
Overview
Explore the world of Static Analysis Security Testing (SAST) in this 43-minute LASCON conference talk. Gain insights into the strengths and weaknesses of SAST tools, learn how they trace code for vulnerabilities, and discover ways to customize and integrate them into existing build and deployment pipelines. Understand out-of-the-box rules for commercial and open-source SAST tools, and learn to write custom rules for the popular open-source tool, PMD. Delve into topics such as Java workflow, framework analysis, pattern matching, and data flow analysis. Address common challenges organizations face when deploying new security tools and find helpful solutions to overcome them. By the end of this talk, acquire the knowledge to effectively leverage SAST tools as a valuable component of your security program.
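The talk walks through writing a custom PMD rule; as an added example (not code from the talk or from the PMD project), here is a complete PMD 7 ruleset with one XPath rule that flags `Runtime.exec(String)` calls whose command argument is not a compile-time string literal. The rule name, message, and the node names `MethodCall`, `ArgumentList` and `StringLiteral` assume PMD 7's Java AST; confirm them against your PMD version in the PMD Designer before relying on the rule.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example ruleset, not part of the LASCON talk or of PMD's shipped rules.
     Assumes PMD 7 (XPath 3.1, pmd-java:matchesSig, MethodCall/ArgumentList nodes). -->
<ruleset name="Custom security rules"
         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">

    <description>
        Flags Runtime.exec(String) calls whose command is built at run time,
        a common starting point for OS command injection.
    </description>

    <rule name="RuntimeExecWithNonLiteralCommand"
          language="java"
          message="Runtime.exec() called with a non-literal command string; verify it cannot contain untrusted input"
          class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
        <description>
            Pattern-matching rule: it does not know whether the command variable is
            actually tainted, only that it is not a literal. A data-flow rule would
            be needed to track the value back to a request parameter or file.
        </description>
        <priority>1</priority>
        <properties>
            <property name="xpath">
                <value><![CDATA[
//MethodCall[pmd-java:matchesSig("java.lang.Runtime#exec(java.lang.String)")]
           [not(ArgumentList/StringLiteral)]
]]></value>
            </property>
        </properties>
        <example><![CDATA[
public class Ping {
    public void run(String host) throws java.io.IOException {
        // Flagged: argument is a concatenation, not a literal
        Runtime.getRuntime().exec("ping -c 1 " + host);

        // Not flagged: fixed command, no run-time data
        Runtime.getRuntime().exec("uptime");
    }
}
]]></example>
    </rule>
</ruleset>
```

Run it with PMD 7's CLI, for instance `pmd check -R custom-security.xml -d src/main/java -f text`; when the rule has to resolve types from your own code rather than the JDK, pass the compiled classes with `--aux-classpath` so `matchesSig` can match the method signature. The rule is deliberately a pattern match, so it will also fire on commands assembled from constants; tuning that noise down is where the data-flow analysis covered later in the talk comes in.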
Syllabus
Introduction
Why do we need tools
Static Analysis
Assumptions
Workflow
Java Workflow
Framework Analysis
Pattern Matching
Data Flow Analysis
Benefits of Analysis
Why does Static Analysis take so long
Postprocessing
PMD
PMD Rule
PMD Designer
Writing the Rule
Taught by
LASCON
Related Courses
Comparing WAF and RASP - Why?
LASCON via YouTube
API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale
LASCON via YouTube
Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube
Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube
Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube