Practical Static Analysis for Continuous Application Security
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Syllabus
Intro
Continuous Security
Practical Static Analysis
Why Static Analysis?
Tool Cycle
Enforce the Solution
Automate Enforcement
Continuous Integration
Code Review
Deployment Gate
Separate Process
Local Tests/Git Hook
1 - Identify a Problem
2 - Identify a Solution
Regular Expressions
Desired Flow
Bash
git diff --name-status
Multiple Rules
Create a Rule
Base Rule Class class Rule
Code to Run It
False Positives
False Negatives
Compilation vs. Static Analysis Input Program Text
S-Expressions
Ruby (RubyParser)
Python (Astroid) AstroidBuilder().string_build( get_survey(survey_id))
JavaScript (Esprima)
Bandit Custom Rule import bandit from bandit.core import test properties as test
Bandit Custom Warning
Brakeman Custom Check
Brakeman Custom Warning
Walking Esprima AST
Walking RubyParser AST
Summary
Thank you
Taught by
OWASP Foundation
Related Courses
Design of Computer ProgramsStanford University via Udacity Programming Languages
University of Virginia via Udacity Data Structures and Performance
University of California, San Diego via Coursera Introducción a Data Science: Programación Estadística con R
Universidad Nacional Autónoma de México via Coursera Applied Text Mining in Python
University of Michigan via Coursera