Applications of Artificial Intelligence in Ad-Hoc Static Code Analysis

Presented at ToorCon San Diego 15 (2013), Oct. 20, 2013, 2:30 p.m. (20 minutes).

During a recent engagement, I was faced with *reviewing* 2.6 million lines of C#/ASP.NET code. After several hours of line by line, file by file, review, I decided to write a script to look for problems. It became apparent that the script needed a little more intelligence so I found myself applying methods from AI to tracing through source code. The end result is a static code analysis tool aptly named scat that does a parallel analysis of C# using state space search algorithms. Also, I like cats

Presenters:

• Ashaman
  I work as a Sr. Security Engineer at Security Innovation, based out of Seattle. I have a Masters in Software Engineering and an undergrad in computer science. Before joining SI, I worked at Microsoft, Disney, Harris, and Symantec (formerly Veritas) hacking code.

Similar Presentations:

• AppSec USA 2016 / Continuous Integration: Live Static Analysis using Visual Studio & the Roslyn API
• ToorCon San Diego TwentyOne (2019) / Static code analysis should work for developers, not for you
• VB2018 / Android app deobfuscation using static-dynamic cooperation