
Sign up to save your podcasts
Or


Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
Segment Resources:
-https://github.com/ScottNorberg-NCG/CodeSheriff.NET
Show Notes: https://securityweekly.com/asw-317
By Security Weekly Productions4.7
3535 ratings
Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
Segment Resources:
-https://github.com/ScottNorberg-NCG/CodeSheriff.NET
Show Notes: https://securityweekly.com/asw-317

2,009 Listeners

83 Listeners

648 Listeners

101 Listeners

1,030 Listeners

33 Listeners

28,325 Listeners

192 Listeners

136 Listeners

26,615 Listeners