
Static code analysis: from typos to vulnerabilities

October 12, 09:55
Room III


In this talk I will discuss the importance of SAST (Static Application Security Testing) in developing secure, reliable applications, as well as the existing alternatives. Based on long-term experience of checking a large number of open source projects, I'll describe the advantages and limits of static analysis. I'll show fragments of code (with errors that have become vulnerabilities) from real projects.

The talk is intended for developers and project managers. It includes technical details but is generally an overview.

Sergey Khrenov

Sergey Khrenov. Static code analysis: from typos to vulnerabilities

Developer, PVS-Studio

C# developer on the PVS-Studio team. Participates in development of the core of the C# analyzer, and also works on new diagnostics and DevOps utilities. Author of articles about checks of open source projects.
