Code Scanning That Works With Your Code - Scott Norberg - ASW #317
11 February 2025 - 1 hour 12 mins
Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with code scanners that didn't find the .NET vuln classes he needed to find and why that led him to create a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
Segment Resources:
- https://github.com/ScottNorberg-NCG/CodeSheriff.NET
Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek'...