Static code analysis: from typos to vulnerabilities
October 12, 09:55
In this talk I will discuss the importance of SAST (Static Application Security Testing) in developing secure, reliable applications, as well as the existing alternatives. Drawing on long-term experience of checking a large number of open source projects, I will describe the advantages and limits of static analysis. I will show code fragments (with errors that became vulnerabilities) from real projects.
The talk is intended for developers and project managers. It includes technical details but is, on the whole, an overview.
C# developer on the PVS-Studio team. Participates in developing the core of the C# analyzer and also works on new diagnostics and DevOps utilities. Author of articles about checks of open-source projects.