"Code audits - how to improve the quality of the code"
Software without bugs or vulnerabilities doesn't exist. If your organization runs software development teams, they will be aware of the importance of secure software development lifecycles and related subjects. This webinar will introduce some basic concepts as well as tools that help developers identify bugs before the software goes into production.
What you will learn:
- What are code audits?
- Why code audits?
- How to deal with closed source software?
- How to deal with open source software?
- Code Scanner
- WhiteSource
- OWASP Dependency Check
- Web apps:
  - OWASP ZAP-Proxy
  - Burp Suite
- Microsoft OneFuzz https://github.com/microsoft/onefuzz
- Static Application Security Testing (SAST) Tools
- Dynamic Application Security Testing (DAST) Tools (Primarily for web apps)
- Interactive Application Security Testing (IAST) Tools (Primarily for web apps and web APIs)
- Static Code Quality Tools
Duration: 1 hour
Presenter(s)/Facilitator(s): Stefan Kelm, DFN-CERT
Affiliation (WP/Task): WP8 Task 1
Authors (content is created by): Tobias Dussa, Klaus Möller, DFN-CERT