Portland, Oregon OWASP Study Night (Virtual) - Detect Complex Code Patterns Using Semantic Grep


RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/271144214/

Abstract: We’ll discuss a program analysis tool we’re developing called Semgrep. It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed Semgrep while at Facebook. He’s now full time with us at r2c.

Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis we’ve written and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.

Speaker bio: Clint Gibler (@clintgibler) is the Head of Security Research for r2c, a small startup working on giving security tools directly to developers. Previously, Clint was a Research Director at NCC Group, a global security consulting firm, where he helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups.

Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and DevSecCon Seattle/London/Tel Aviv/Singapore. Clint holds a Ph.D. in Computer Science from the University of California, Davis.

Want to keep up with security research? Check out tl;dr sec, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web.

