
Static-Analysis Tools: Now you’re Playing with Power! (Philippe Arteau)

You are performing penetration testing on Web applications. Do you systematically perform code reviews when you have source code access? Code review is an exercise that can prove to be an important ally. However, code review can be difficult: thousands or even millions of lines of code will be targeted. How do you prioritize and perform an effective assessment? With tools and automation, of course! This presentation gives an overview of static analysis tools and presents a basic methodology for using them. Demonstrations with the FindSecBugs (Java/JVM), Brakeman (Ruby) and Bandit (Python) tools are to be expected.

Biography

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs. He created a static analysis tool for .NET called Roslyn Security Guard. He has built many plugins for the Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and a few others. An instructor in application security, he has also presented at several conferences including Black Hat Arsenal, ATLSecCon, NorthSec, Hackfest, Confoo and JavaOne.