This episode provides a deep dive into Static Application Security Testing (SAST) tools. Learn how they work, why they don't work as well as you think they will in certain use cases, and find some novel ways apply them to your organization. Special thanks to John Steven for coming on the show to share his expertise.
Special thanks to our sponsor Praetorian for supporting this episode.
Full Transcripts - https://docs.google.com/document/d/1zoA70k78IjqyJky-2u7_-i2jlWke8_cb
Chapters:
- 00:00 Introduction
- 02:51 Source Code Analyzers
- 04:22 The three bears of Static Analysis
- 06:01 Do Linters work Better?
- 08:00 The Value of Full Programming Analysis Tools over Linters
- 11:30 The Impact of a Developer's Analysis on a Developer Environment
- 13:05 SAST Testing
- 15:47 OWASP Benchmarking
- 19:13 The First Static Analysis Tools
- 20:53 Can you break up that worry about Automated Testing?
- 22:44 Using Static Analysis for Defect Discovery
- 24:18 Using Static Analysis to Improve Web Security
- 31:37 Using Static Analysis to Drive Cloud Security
- 33:15 The Second Thing to Look Out for When Choosing a Static Analysis Tool
- 34:55 Using Static Analysis to Build a Vulnerability Management Practice
- 37:35 Can you use Static Analysis to Find Insider Threat?
Popular Podcasts
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.