Choosing the Right Static Code Analyzers Based on Hard Data
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the world of static code analysis in this 40-minute OWASP Foundation conference talk. Learn about different types of static analyzers, their benefits for improving code quality and security, and how to choose the right tools based on empirical data. Discover the Kampar project, which aims to provide comprehensive information about software analyzers. Delve into key considerations such as process integration, analyzer requirements, speed, scalability, and reporting capabilities. Examine the limitations of static analyzers in terms of weakness coverage and result quality. Gain insights into future challenges and opportunities for contributing to the field of static code analysis.
Syllabus
About the speaker
Outline of today's talk
What is this static analysis
What types of issues can static analysis find?
Using analyzers improves code quality & security
Build Kampar into a source of information about software analyzers, beginning with static tools
Basic information
Process integration
When & where will the analyzer run?
What inputs does the analyzer require?
Speed & scalability
Reporting
3. Coverage
Static analyzers have limited weakness coverage
5. Results quality
Challenges ahead
Make a contribution
Taught by
OWASP Foundation
Related Courses
Financial Sustainability: The Numbers side of Social Enterprise+Acumen via NovoEd Cloud Computing Concepts: Part 2
University of Illinois at Urbana-Champaign via Coursera Developing Repeatable ModelsĀ® to Scale Your Impact
+Acumen via Independent Managing Microsoft Windows Server Active Directory Domain Services
Microsoft via edX Introduction aux conteneurs
Microsoft Virtual Academy via OpenClassrooms