The Power of Static Analysis: Strengthening Application Security from Code Scrutiny, Josh Goldberg - ASW #233
Application Security Weekly (Audio)
English - March 21, 2023 17:30 - 1 hour - 177 MB
Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best-practice and style issues), and type checkers (which detect likely bugs). Each of these can help improve application security by detecting real issues at development time.
Segment Resources:
https://typescript-eslint.io
https://eslint.org
https://blog.joshuakgoldberg.com
Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, and celebrating 25 years of Curl.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw233