This two-day cryptography workshop focuses on eradicating the crypto-related class of bugs.
Traditionally, engineering teams create, design, write code, and release software to customers using low-level APIs, and security decisions rest on the shoulders of developers who are not aware of crypto dangers. However, many vulnerabilities reported to PSIRT are caused by software engineering mistakes such as misuse of security parameters, implementation of weak algorithms, overuse of inappropriate primitives, and so on.
As part of the Fortinet Secure Product Development Life Cycle Policy, this workshop is intended to teach anyone involved in engineering roles, from developers to product managers, how to review current code and build secure software by design.
This one-day workshop, based on Semgrep, focuses on decreasing software security vulnerabilities by orders of magnitude.
The last secure development practice is static code analysis, in which you analyze code for vulnerabilities. This is commonly done using a static application security testing (SAST) tool such as Coverity. There are many options for static code analysis, but Semgrep is becoming the tool of choice to replace the myriad existing tools in the software industry.
This workshop is designed to teach anyone involved in software development how to write custom Semgrep rules, with the aim of introducing security as a quality pillar of your coding style.
This course covers three main topics: secure coding, secure design, and secure testing. The secure coding resources will help you ship code without vulnerabilities. The secure design resources will help you design a software architecture with security in mind. The secure testing resources will help you launch attacks against the produced code by building a security test plan.