Free as in Beer: Building a low cost static analysis program (Demo Time)

Presented at ToorCon San Diego 2021, Oct. 13, 2021, 1 p.m. (120 minutes)

We will demo tuning static analysis rules to specific environments. Attendees will need to download Semgrep, the static analysis engine our program is based upon, beforehand. We have tuned our rules extensively, which has greatly reduced our false positive rate.

We will demo tuning static analysis rules to specific environments. Attendees will need to download Semgrep, the static analysis engine our program is based upon, beforehand. We have tuned our rules extensively, which has greatly reduced our false positive rate.

Presenters:

• Erin Browning
  Erin Browning is a computer security researcher. She has worked at Latacora as a senior engineer and HCSC as a red team member. Currently, she works at Slack in product security. She teamed up with @fbz to create the cryptography scarf puzzle for Hushcon 2019.

Links:

• https://talks.toorcon.net/toorcon-2021/talk/XAQEHG/

Similar Presentations:

• AppSec USA 2016 / Practical Static Analysis for Continuous Application Security
• ShmooCon IX (2013) / Mastiff: Automated Static Analysis Framework
• ToorCon San Diego 2021 / Free as in Beer: Building a low cost static analysis program