Friday, October 23 • 12:00pm - 1:00pm
Static Analysis Security Testing for Dummies… and You

Most enterprise application security teams have at least one Static Analysis Security Testing (SAST) tool in their tool belt, but for many, the tool never leaves the belt. SAST tools have gotten a reputation for being slow, error-prone, and difficult to use, and out of the box, many of them are. But with a little more knowledge of how these tools are designed, a SAST tool can be a valuable part of any security program.

In this talk, we’ll help you understand the strengths and weaknesses of SAST tools by illustrating how they trace your code for vulnerabilities. You’ll see out-of-the-box rules for commercial and open-source SAST tools, and learn how to write custom rules for the widely used open-source SAST tool, PMD. We’ll explain the value of customizing tools for your organization, and you’ll learn how to integrate SAST technologies into your existing build and deployment pipelines. Lastly, we’ll describe many of the common challenges organizations face when deploying a new security tool to security or development teams, as well as some helpful hints to resolve these issues.

Kevin Fealey

Principal Consultant, ASPECT SECURITY INC
Kevin Fealey is a Principal Consultant and lead of Aspect Security's Automation and Integration Services Division. He specializes in automating commercial, open source, and custom tools to provide faster security feedback to developers and real-time security dashboards to executives. Kevin strives to minimize disruptions to existing developer processes by integrating security transparently into the development process. Kevin has spoken about...

Friday October 23, 2015 12:00pm - 1:00pm
Cypress Room, Norris Conference Center, Austin