AppSec USA 2016 has ended
Thursday, October 13 • 10:45am - 11:45am
Practical Static Analysis for Continuous Application Security


Static code analysis tools, which attempt to determine what code does without actually running it, provide an excellent opportunity to perform lightweight security checks as part of the software development lifecycle. Unfortunately, building generic static analysis tools, especially for security, is a costly, time-consuming effort. As a result, very few tools exist and commercial tools are very expensive - if they even support your programming language.

The good news is that building targeted static analysis tools for your own environment, with rules specific to your needs, is much easier! Since static analysis tools can be run at any point in the software development lifecycle, even simple tools enable powerful security assurance when added to continuous integration. This talk will go through straightforward options for static analysis, from grep to writing rules for existing tools, through to writing static analysis tools from scratch.
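As an added illustration of the grep-to-custom-tool spectrum the abstract describes (this is example code written for this page, not material from the talk or from Brakeman), the block below runs two checks over a constructed Rails-style controller: a grep pattern for interpolated strings passed to `where`, and the same rule written against the syntax tree that Ruby's standard-library `Ripper` produces. The grep check also fires on a comment that merely mentions the pattern; the tree-based check does not, because comments never appear in the tree. The method list and the sample source are assumptions chosen for the demonstration.

```ruby
require "ripper"

# Constructed sample, not code from the talk: one unsafe interpolated query,
# one safe parameterised query, and a comment that only mentions the unsafe
# pattern. Single-quoted heredoc so the #{} stays literal in the sample text.
SAMPLE = <<~'RUBY'
  class UsersController < ApplicationController
    def show
      # legacy: User.where("id = #{params[:id]}") was removed in 2016
      @user = User.where("name = '#{params[:name]}'")
      @safe = User.where(name: params[:name])
    end
  end
RUBY

# Step 1: the grep approach. Returns the 1-based line numbers whose text
# matches; it has no idea which lines are comments.
def grep_findings(src, pattern = /where\(.*#\{/)
  src.lines.each_with_index.select { |line, _| line.match?(pattern) }.map { |_, i| i + 1 }
end

# Depth-first walk over Ripper's nested-array S-expression, yielding each node.
def each_node(node, &blk)
  return unless node.is_a?(Array)
  blk.call(node)
  node.each { |child| each_node(child, &blk) }
end

# True when any descendant of the node is a string interpolation (#{...}).
def interpolation?(node)
  each_node(node) { |n| return true if n.first == :string_embexpr }
  false
end

# Step 2: the tree-based rule. Flags calls to the listed methods (an assumed
# list for this example) whose argument list contains an interpolated string.
QUERY_METHODS = %w[where find_by_sql order].freeze

def ast_findings(src, methods = QUERY_METHODS)
  findings = []
  each_node(Ripper.sexp(src)) do |node|
    next unless node.first == :method_add_arg
    call, args = node[1], node[2]
    next unless call.is_a?(Array) && %i[call fcall].include?(call.first)
    ident = call.last # shaped [:@ident, "where", [line, col]]
    next unless ident.is_a?(Array) && ident.first == :@ident && methods.include?(ident[1])
    findings << { line: ident[2][0], method: ident[1] } if interpolation?(args)
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  puts "grep flags lines: #{grep_findings(SAMPLE).inspect}"   # lines 3 and 4
  puts "tree rule flags:  #{ast_findings(SAMPLE).inspect}"    # line 4 only
end
```

Either function can be wired into a CI step that fails the build when it returns anything; the point of the comparison is that the grep version costs one line and produces a false positive on the comment, while the tree version costs a few dozen lines and reports exactly the call that builds a query from interpolated input.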

Speakers

Justin Collins

Brakeman Guy
Justin has been an application security engineer at SurveyMonkey, Twitter, and AT&T Interactive, and is the primary author of Brakeman, a free static analysis security tool for Ruby on Rails. His commercial product, Brakeman Pro, was acquired by Synopsys in 2018.


Thursday October 13, 2016 10:45am - 11:45am EDT
Grand Central Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001