Keep your code safe during the development path using Opensource tools.

Practical demonstration of how a Developer can use a SAST tool for static analysis in code vulnerability, executing it in source code, byte code and/or binary and identifying security holes during the development process, analyzing many languages and codes. The ecosystem will have the opportunity to know about an open source tool that orchestrates other security tools and identifies security flaws or vulnerabilities in projects and put all results in a database for analysis and generation of metrics, working this analysis with select the languages ​​and/or tools to be used on the project based on the available stack. These languages and tools are: Python, Ruby, Javascript/Typescript, GoLang, C#, Java, Kotlin, Kubernetes, Terraform, some Leaks, Leaks(optional search in git history), PHP, C, HTML, JSON, Shell Script and Elixir, it being done in source code, byte code or binary, finding “Leaks"" checks the source code for possible leaks of credentials, private keys or hard coded passwords and analyze the project’s dependencies to check for vulnerabilities in third-party libraries. in third-party libraries.



Filipi Pires

I’ve been working Principal Security Engineer and Security Researcher at Zup Innovation, Global Research Manager at Hacker Security, Staff of DEFCON Group São Paulo-Brazil, I have talked in ...