Sign up to save your podcasts
Or
Share Code Scanning That Works With Your Code - Scott Norberg - ASW #317
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Code Scanning That Works With Your Code - Scott Norberg - ASW #317
Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
Segment Resources:
-https://github.com/ScottNorberg-NCG/CodeSheriff.NET
Show Notes: https://securityweekly.com/asw-317
View all episodes
By Mike Shema
4.8
44 ratings
Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
Segment Resources:
-https://github.com/ScottNorberg-NCG/CodeSheriff.NET
Show Notes: https://securityweekly.com/asw-317
More shows like Application Security Weekly (Video)
View all
Security Now (Audio)
2,011 Listeners
CyberWire Daily
1,028 Listeners
Pod Save America
87,868 Listeners
Darknet Diaries
8,077 Listeners
Hacking Humans
315 Listeners
Cloud Security Podcast
57 Listeners
Cybersecurity Headlines
139 Listeners