Wednesday, June 8 • 11:45am - 12:30pm
Bug hunting with Static Code Analysis

How do we make application security assessments more efficient? Finding and fixing security issues just before a release, when testing is often done, is time-consuming and expensive compared with finding issues earlier in the development cycle. In addition, paying security consultants to find basic buffer overflows and SQL injection can be time-consuming and inefficient on large codebases.

This talk covers a number of automated analysis techniques for spotting bugs and security flaws in applications at the source code level, ranging from quick-and-dirty bash scripts through open source and commercial analysers to custom implementations. After reviewing how these can be used as part of bug hunting and application security assessments, it then discusses how these techniques can be baked into continuous integration systems to catch bugs as early in the development cycle as possible.

Nick Jones

@mwrlabs

Nick Jones is a security consultant and penetration tester at MWR InfoSecurity, with a focus on web application and network security, and an interest in making it easier for developers to write secure applications.

Wednesday June 8, 2016 11:45am - 12:30pm BST
Track2 Main Hall, ILEC Conference Centre