Presented at
BSidesLV 2023,
Aug. 8, 2023, 3 p.m.
(Unknown duration).
Everyone wants to put tests into the release pipeline, but no one wants to wait hours for them to finish. In this learning lab we will discuss multiple options for adding static application security testing (SAST) to your CI/CD, in ways that won't compromise speed or results, such as learning which results can be safely ignored, writing your own rules, company-specific checks, scanning PRs instead of commits, splitting blocking scans versus deep audit scans, etc. We will also cover ways to continuously find vulnerabilities.
Presenters:
-
Tanya Janca
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community, podcast, and training company that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things'. She is an award-winning public speaker, active blogger & podcaster and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. Advisor: Nord VPN, Aiya Corp Faculty: IANs Research Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC
-
Colleen Dai
-
Enno Liu
Enno (they/she) is a security researcher at Semgrep, specializing in static analysis. Driven by a passion for data safety and user privacy, they are interested in tools that prevent insecure code semantics while empowering the user through safer and more productive alternatives. They did research in malware analysis and obfuscation during college, and they currently create educational videos about static analysis. Enno also loves their cat Aria, listening to shoegaze music, going to raves, and cooking Chinese food.
Links:
Similar Presentations: