Analyzing source code for vulnerabilities: A how-to workshop

Nov 18, 2021 · Irvine, United States of America

Speaker: Vickie Li, Developer Evangelist, ShiftLeft

Topic: Analyzing source code for vulnerabilities: A how-to workshop

Live stream: https://www.twitch.tv/owaspoc

Abstract and workshop preparation guide:
Writing code is hard. Writing secure code is even harder. Serious security vulnerabilities often stem from small programming mistakes. As developers, we can safeguard our applications by catching these mistakes in our own code.

Performing a source code review is one of the best ways to find security issues in code. But how do you do it? In this workshop, we will first go through the basics of how to review your code for vulnerabilities and some tactics for performing an effective security code review on your application.

But manually analyzing code for vulnerabilities can be very time-consuming. In the second part of the workshop, we will show how to use Joern, an interactive code analysis tool, to make the review more efficient: how to trace user input through the code, and how to link the sources of untrusted input to sensitive sink functions. If you’d like to follow along, here is what you need to get ready.

Joern is open source. Download the installer and run it (read the script before running it, since the last step executes it with root privileges):
$ wget https://github.com/joernio/joern/releases/latest/download/joern-install.sh
$ chmod +x ./joern-install.sh
$ sudo ./joern-install.sh

If you need help here are some important links:
Joern Community: https://discord.gg/ff3ahcFrJq
Joern Documentation: https://docs.joern.io
Joern query database: https://queries.joern.io
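As an added example (not part of the workshop materials or the Joern project), the following session shows the source-to-sink tracing the abstract describes: it writes a small constructed C program to a temporary directory, imports it into Joern, inventories the risky library calls, and then asks the data-flow engine whether attacker-controlled argv reaches the second argument of strcpy. The C program, the project name "demo" and the temporary directory are all assumptions made for the example; the queries use only the standard Joern shell API (importCode, cpg.call, cpg.identifier, argument, reachableByFlows).

```scala
// Added example; paste into the `joern` shell line by line (or save as
// trace.sc and run `joern --script trace.sc`). Assumes the open-source
// Joern release installed above; the C sample below is constructed.

import java.nio.file.Files

// 1. Constructed target: an unbounded copy of attacker-controlled argv.
val sample = """
#include <stdio.h>
#include <string.h>

void greet(const char *name) {
    char buf[64];
    strcpy(buf, name);          /* sink: no length check on name */
    printf("hello %s\n", buf);
}

int main(int argc, char **argv) {
    if (argc < 2) return 1;
    greet(argv[1]);             /* source: user-controlled input */
    return 0;
}
"""
val dir = Files.createTempDirectory("joern-demo")
Files.write(dir.resolve("main.c"), sample.getBytes)

// 2. Build the code property graph for the directory. Current releases run
//    the data-flow layer as part of importCode; very old releases needed
//    `run.ossdataflow` afterwards before data-flow queries would work.
importCode(inputPath = dir.toString, projectName = "demo")

// 3. Inventory the risky library calls before tracing anything: name,
//    source text and line of every call matching the regex.
cpg.call.name("(strcpy|strcat|sprintf|gets)")
   .map(c => (c.name, c.code, c.lineNumber)).l

// 4. Source: every identifier named argv. Sink: the second argument of
//    strcpy (the bytes being copied). reachableByFlows asks the engine for
//    paths from any source to any sink, here across the greet() call.
def source = cpg.identifier.name("argv")
def sink   = cpg.call.name("strcpy").argument(2)
sink.reachableByFlows(source).p

// 5. Same idea for a family of sources and sinks: argv or the buffer filled
//    by a stdin/socket read, flowing into any argument of a copy routine.
def inputSources = cpg.identifier.name("argv") ++
                   cpg.call.name("(gets|fgets|read|recv)").argument(1)
def copySinks    = cpg.call.name("(strcpy|strcat|memcpy|sprintf)").argument
copySinks.reachableByFlows(inputSources).p
```

The `.p` at the end of a flow query pretty-prints each path as a table of the intermediate expressions, which is the quickest way to confirm by eye that a reported flow is real rather than a tool artifact. In a script you would instead collect the flows with `.l` and act on `.size`, so that a non-empty result fails a build or opens a ticket.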

Speaker Bio:
Vickie Li is the resident developer evangelist at ShiftLeft. She is an experienced web developer with an avid interest in security research. She can be found on https://vickieli.dev, where she blogs about security news, techniques, and her latest bug bounty findings. She also hosts “Security Simplified”, a developer education series focusing on web security: https://www.youtube.com/c/vickielidev.

Twitter: @vickieli7
LinkedIn: https://www.linkedin.com/in/vickie-li-103a35b8

--------------------------------------------------------------------------------------
NOTE: Due to the continuing health concerns relating to the spread of the coronavirus disease (COVID-19), we will be meeting virtually until further notice.

Event organizers
  • OWASP Orange County

    OWASP Orange County Chapter. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

