Web Developers, Beware of the Tarpits for SAST in Your Code
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the challenges and solutions for Static Application Security Testing (SAST) in web development through this 47-minute conference talk. Delve into the concept of SAST testability, examining real-world examples like CVE-2011-3357 in the Mantis bug tracker. Learn about testability patterns and their creation process, including manual and automated transformations. Gain insights into research methodologies, pattern discovery advantages, and semantic-preserving techniques. Understand the importance of developer-assisted transformations and their impact on SAST results. Conclude with an overview of future steps in improving SAST effectiveness for web developers.
Syllabus
Intro
Context: SAST and testability
CVE-2011-3357: File inclusion in Mantis bug tracker
Toward testability patterns
Research methodology: overview
Phase 1: Pattern creation and SAST measurement
Dataset
Prevalence
Pattern discovery: advantages
Manual Pattern Transformation
Semantic-preserving Transformations
Over-approximations
Developer-Assisted Transformations
Results upon transformations
Automated Pattern Transformation
Conclusion and next steps
Contact and credits
Taught by
OWASP Foundation