Code Scanning That Works With Your Code - Scott Norberg - ASW #317
11 February - 1 hour 12 minsCode scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
Segment Resources:
-https://github.com/ScottNorberg-NCG/CodeSheriff.NET
Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek'...
Series Episodes
Internal threats are the hole in Cybersecurity’s donut - Frank Vukovits - ESW #438
1 hour 57 mins
22 December Finished
Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539
32 mins
19 December Finished
Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426
54 mins
17 December Finished
Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's pix, Aaran Leyland. - SWN #538
34 mins
16 December Finished
