BEGIN:VCALENDAR PRODID;X-RICAL-TZSOURCE=TZINFO:-//Calagator//EN CALSCALE:GREGORIAN X-WR-CALNAME:Calagator METHOD:PUBLISH VERSION:2.0 BEGIN:VTIMEZONE TZID;X-RICAL-TZSOURCE=TZINFO:America/Los_Angeles BEGIN:DAYLIGHT DTSTART:20180311T020000 RDATE:20180311T020000 TZOFFSETFROM:-0800 TZOFFSETTO:-0700 TZNAME:PDT END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT CREATED;VALUE=DATE-TIME:20180731T180914Z DTEND;TZID=America/Los_Angeles;VALUE=DATE-TIME:20180918T200000 DTSTART;TZID=America/Los_Angeles;VALUE=DATE-TIME:20180918T180000 DTSTAMP;VALUE=DATE-TIME:20180731T180914Z LAST-MODIFIED;VALUE=DATE-TIME:20180831T072359Z UID:http://calagator.org/events/1250474069 DESCRIPTION:SAST and the Bad Human Code Project \;\n \;\nStatic app lication security testing (SAST) is the automated analysis of source cod e both in its text and compiled forms. Lint is considered to be one of t he first tools to analyze source code and this year marks its 40th anniv ersary. Even though it wasn't explicitly searching for security vulnerab ilities back then\, it did flag suspicious constructs. Today there are a myriad of tools to choose from both open source and commercial. We’ll t alk about things to consider when evaluating web application scanners th en turn our attention to finding additional ways to aggregate and correl ate data from other sources such as git logs\, code complexity analyzers and even rosters of students who completed secure coding training in an attempt to build a predictive vulnerability model for any new applicati on that comes along. \;\nWe’re also looking for people to contribute to a new open source initiative called “The Bad Human Code Project.” The goal is to create a one-stop corpus of intentionally vulnerable code sn ippets in as many languages as possible. \;\n \;\nSpeaker's Bio:&# 13\;\nJohn L. Whiteman is a web application security engineer at Oregon Health and Science University. He builds security tools and teaches a ha nds-on secure coding class to developers\, researchers and anyone else i nterested in protecting data at the institution. He previously worked as a security researcher for Intel's Open Source Technology Center. John r ecently completed a Master of Computer Science at Georgia Institute of T echnology specializing in Interactive Intelligence. He loves talking wit h like-minded people who are interested in building the next generation of security controls using technologies such as machine learning and AI. \n\nTags: owasp\, security\, static analysis\, sast\n\nImported from: ht tp://calagator.org/events/1250474069 SUMMARY:OWASP Portland Chapter Meeting - SAST and the Bad Human Code Proj ect LOCATION:Simple 120 SE Clay St Floor 2\, Portland\, OR 97214: 120 SE Clay St Floor 2\, Portland OR 97214 United States SEQUENCE:5 END:VEVENT END:VCALENDAR