Code Scanning That Works With Your Code - Scott Norberg - ASW #317
11 February - 1 hour 12 minsCode scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
Segment Resources:
-https://github.com/ScottNorberg-NCG/CodeSheriff.NET
Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek'...
Series Episodes
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
1 hour 8 mins
16 September Finished
Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424
1 hour 40 mins
15 September Finished
Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More... - SWN #511
33 mins
12 September Finished
Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412
1 hour 11 mins
10 September Finished
Hellhounds, Anthropic, iCloud, NPM, gitforked, notdoor, TOR, Signal, Josh Marpet - SWN #510
32 mins
9 September Finished
