Agnition - The Security Code Review Swiss Army Knife - David Rook - Hack in Paris
Offered By: Hack in Paris via YouTube
Course Description
Overview
Discover how to implement effective security code review processes with Agnition in this comprehensive talk from Hack in Paris. Learn about the challenges of teaching developers to write secure code, helping security professionals identify vulnerabilities, and producing application security metrics with integrity checks and audit trails. Explore the features of Agnition, a free security code review tool, including application profiles, a 60-question security checklist, and built-in secure coding guidance. Witness demonstrations of how Agnition addresses repeatability, integrity, and audit trail concerns while automatically generating metrics and reports. Gain insights into the limitations of automated tools, the principles of secure development, and the importance of checklists in various industries. Discover the new features of Agnition v2.0, including expanded guidance, additional report types, and an automated source code analysis module.
Syllabus
Introduction
Agenda
What is static analysis
Human vs software
Defect density
How long does it take
Limitations of software
Finding bugs
The good, the bad and the ugly
The bad review process
The good review process
Principles of secure development
Vulnerability lists
Secure development education
Common vulnerabilities
Principles approach
What is Agnition
Checklists
The Checklist Manifesto
Heart Surgery Checklist
Cessna Checklist
Autodestruct sequence
X-ray machine
NASA
Why Agnition
Good review process
Review process wasn't smart
Application profiles
Checklist
Input/Output Validation
XML Schema
Word Documents
View Report
Verify Report
Notepad File
Demo
Checklist UI
Checklist Editor
Code Analysis
Swiss Army Knife
Taught by
Hack in Paris