Bug Hunting with Static Code Analysis - Nick Jones
How do we make application security assessments more efficient? Finding and fixing security issues just before a release, when testing is often done, is time-consuming and expensive compared to finding issues earlier in the development cycle. In addition, paying security consultants to find basic buffer overflows and SQL injection can be time-consuming and inefficient on large codebases.
This talk covers a number of automated analysis techniques for spotting bugs and security flaws in applications at the source code level, ranging from quick-and-dirty bash scripts through open source and commercial analysers to custom implementations. After reviewing how these can be used as part of bug hunting and application security assessments, it then discusses how these techniques can be baked into continuous integration systems to catch bugs as early in the development cycle as possible.
BSides London 2016 Bug Hunting with Static Code Analysis Nick Jones