Finding vulnerabilities with automation (the SAST way)
- Published: Apr 10, 2021
- SAST (static application security testing) is a great addition to every security team's SSDL (secure software development lifecycle). See how you can build on automation to find vulnerabilities before they reach production code.
##############################
Want free coffee? Enter ShiftLeft's raffle for a free year of coffee! Here's how:
1. Sign up for a ShiftLeft account (using this link: bit.ly/2PMVqZW)
2. Scan an application
3. Start a free 15-day Premium ShiftLeft account
Once you've done this, let them know (bit.ly/2PMVqZW). Want additional entries into the raffle? Invite your AppSec teammates to give ShiftLeft a try, and they will give you up to three additional entries.
Three people from all entries will be selected. Good luck!
##############################
Hello 🙂 For a long time I was searching for a tool or something where I give it the source code and it finds the mistakes and vulnerabilities inside. I think that will help me on my journey, and I'm new to bug hunting 😅
That's an awesome topic. I was looking for static analysis tools on OWASP; some are outdated for PHP/JavaScript or give tons of false positives.
Glad to hear that 😇
May I know how or what localhost you used during test time? Not sure how to do that.
I am not sure if I understand the question correctly. Can you elaborate a bit more on what you mean, please?
Please tell me the mm:ss time in the video where you are having trouble.
Awesome! Can this be run via GitHub Actions?
Yes, this is coming in the next video regarding SAST tools :)
@Hacksplained Cool! 😎
So can we analyse an APK?
Good question, I would have to google that myself :) Check out the supported programming languages in the docs!
Can this be used on any programming language?
The software supports multiple languages. Keep checking out their docs as more languages are getting added!
@Hacksplained Alright, thank you sir. Any more upcoming videos on finding vulnerabilities with automation?
@Kinoti9 Yeeees!! There are some plans 😇
Awesome!!! Did you know the insidersec.io tool? I'm testing it.
No, haven't heard of it before 😬
Hi @Hacksplained. I am Edson from InsiderSec's Marketing Team. I saw your comment about InsiderSec and we will make an InsiderSec Premium License available for you to test for a month. Keep in touch through my e-mail edson.genuino@konkerlabs.com.br
First comment
Niiiiiiiiiice :)