**Please note this talk is in Italian**
Join us for an exciting keynote as we delve into the world of Static Application Security Testing (SAST) methodology and its integration into a mature Secure Software Development Lifecycle (SDLC). We’ll provide an overview of the powerful Semgrep tool, focusing on the rule engine and the fundamentals of creating custom rules.
But that’s not all! Our project leader will showcase an intriguing Semgrep ruleset specifically designed for Android Mobile Security Testing, inspired by the OWASP Mobile Application Security Testing Guide.
Here’s a sneak peek of the agenda:
- Introduction: Setting the stage
- SDLC and security testing: Enhancing software development practices
- DevSecOps: Bridging the gap between development, security, and operations
- Semgrep Tool: Exploring its capabilities
- Examples: Real-world scenarios
- CLI and Web Dashboard: Navigating the interfaces
- Rules: Understanding rule creation
- Operators: Leveraging advanced filtering
- Patterns: Uncovering code patterns
- Advanced Features: Tainted mode, inline rules, extraction, metavariables, and more
- Semgrep CLI: Mastering command-line usage
- Semgrep Web Dashboard: Harnessing the power of the web-based interface
- Semgrep for Android Security Testing: Safeguarding mobile applications
- OWASP Mobile Application Security Testing Guide: A comprehensive framework
- Semgrep Android Rules: Tailored ruleset for Android security
- Conclusion: Wrapping up our insights
Join us for this enlightening session and expand your knowledge of Static Application Security Testing and Semgrep.
Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity