Change #49535
2018-07-31 11:09:14
create Calagator::Event 1250474069: OWASP Portland Chapter Meeting - SAST and the Bad Human Code Project
description: nil → new value:

SAST and the Bad Human Code Project:
Static application security testing (SAST) is the automated analysis of source code in both its text and compiled forms. Lint is considered to be one of the first tools to analyze source code, and this year marks its 40th anniversary. Even though it wasn't explicitly searching for security vulnerabilities back then, it did flag suspicious constructs. Today there are a myriad of tools to choose from, both open source and commercial. We did a comparative analysis of scanners specifically focused on web application vulnerabilities. We then turned our attention to finding additional ways to aggregate and correlate data from other sources such as git logs, code complexity analyzers and even a roster of students who completed a secure coding class. We wanted to go beyond just triaging in isolation the vulnerable code snippets reported by the SAST scanners. People write the code, so why not use these added data features in an attempt to build a predictive vulnerability model? We are not there yet but learned many things along the way.
We also want to call attention to a new open source initiative called The Bad Human Code Project. We need people to contribute intentionally vulnerable code snippets in as many programming languages as possible. Furthermore, we encourage folks to scan this project's repository and upload the results so others can review them for their SAST needs.
Speaker's Bio:
John L. Whiteman is a web application security engineer at Oregon Health and Science University. He builds security tools and teaches a hands-on secure coding class to developers, researchers and anyone else interested in protecting data at the institution. He previously worked as a security researcher for Intel's Open Source Technology Center. John recently completed a Master of Computer Science at Georgia Institute of Technology, specializing in Interactive Intelligence. He loves talking with like-minded people who are interested in building the next generation of security controls using technologies such as machine learning and AI.

| Attribute  | Old value | New value                                                            |
|------------|-----------|----------------------------------------------------------------------|
| end_time   | nil       | 2018-09-18 20:00:00 -0700                                            |
| id         | nil       | 1250474069                                                           |
| start_time | nil       | 2018-09-18 18:00:00 -0700                                            |
| title      | nil       | OWASP Portland Chapter Meeting - SAST and the Bad Human Code Project |
| venue_id   | nil       | 202393154                                                            |