DSC Italy

Introduction to SAST and Mobile Security Testing

with Alessandro Braccio, Riccardo Cardelli

Description:

**Please note that this talk is in Italian**
**Please note that this talk will be given in Italian**

Join us for an exciting keynote as we delve into the world of Static Application Security Testing (SAST) methodology and its integration into a mature Secure Software Development Lifecycle (SDLC). We’ll provide an overview of the powerful Semgrep tool, focusing on the rule engine and the fundamentals of creating custom rules.
But that’s not all! Our project leader will showcase an intriguing Semgrep ruleset specifically designed for Android Mobile Security Testing, inspired by the OWASP Mobile Application Security Testing Guide.
Here’s a sneak peek of the agenda:

  • Introduction: Setting the stage
  • SDLC and security testing: Enhancing software development practices
  • DevSecOps: Bridging the gap between development, security, and operations
  • Semgrep Tool: Exploring its capabilities
  • Examples: Real-world scenarios
  • CLI and Web Dashboard: Navigating the interfaces
  • Rules: Understanding rule creation
  • Operators: Leveraging advanced filtering
  • Patterns: Uncovering code patterns
  • Advanced Features: Tainted mode, inline rules, extraction, metavariables, and more
  • Semgrep CLI: Mastering command-line usage
  • Semgrep Web Dashboard: Harnessing the power of the web-based interface
  • Semgrep for Android Security Testing: Safeguarding mobile applications
  • OWASP Mobile Application Security Testing Guide: A comprehensive framework
  • Semgrep Android Rules: Tailored ruleset for Android security
  • Conclusion: Wrapping up our insights

Join us for this enlightening session and expand your knowledge of Static Application Security Testing and Semgrep.

Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity


Alessandro Braccio

Senior Security Engineer at Arduino

About Alessandro Braccio

Alessandro Braccio is passionate about Product Security, with a particular focus on Application and Cloud Security. His interests and expertise span DevSecOps, Cloud Security, IoT Security, OWASP methodologies, Full-Stack Development and more. Over the last decade, he has worked as a Security Consultant, Security Engineer, Penetration Tester, Security Trainer and Full-Stack Developer in a variety of companies and sectors. Currently, Alessandro works as a Senior Security Engineer at Arduino.

Riccardo Cardelli

Senior Software Security Consultant & Trainer at IMQ Minded Security

About Riccardo Cardelli

Riccardo Cardelli is a Computer Science Engineer with a curriculum in Cybersecurity. He works as a Senior Penetration Tester at IMQ Minded Security, where he carries out technical activities such as WAPT, MAPT, NPT and training. He regularly contributes to the ethical hacking community by releasing new open-source projects and tools.
