Source Code Scanners

Pawel Krawczyk
Application Security Consultant
Apr. 10, 2011
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
Source Code Scanners
1 of 32

Source Code Scanners

Apr. 10, 2011
Download to read offline
Technology

Overview of tools for static code security analysis, with special focus on Yasca. See http://ipsec.pl/ for more details.

Pawel Krawczyk
Application Security Consultant

Recommended

Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community33K views12 slides
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala5.6K views12 slides
Building a high quality+ products with SCABuilding a high quality+ products with SCA
Building a high quality+ products with SCASuman Sourav688 views19 slides
Introduction to robot frameworkIntroduction to robot framework
Introduction to robot frameworkChonlasith Jucksriporn1.6K views23 slides
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckBlack Duck by Synopsys1.2K views24 slides
TestWorks Conf Robot framework - the unsung hero of test automation - Michael...TestWorks Conf Robot framework - the unsung hero of test automation - Michael...
TestWorks Conf Robot framework - the unsung hero of test automation - Michael...Xebia Nederland BV756 views19 slides

More Related Content

Slideshows for you

Test automation using seleniumTest automation using selenium
Test automation using seleniumTờ Rang644 views21 slides
Introduction to Robot Framework (external)Introduction to Robot Framework (external)
Introduction to Robot Framework (external)Zhe Li1.7K views21 slides
Securing Docker ContainersSecuring Docker Containers
Securing Docker ContainersBlack Duck by Synopsys5.9K views13 slides
Integration Group - Robot Framework Integration Group - Robot Framework
Integration Group - Robot Framework OpenDaylight2.4K views17 slides
Robot frameworkRobot framework
Robot frameworkboriau5K views15 slides
JavaCro'14 - Test Automation using RobotFramework Libraries – Stojan PeshovJavaCro'14 - Test Automation using RobotFramework Libraries – Stojan Peshov
JavaCro'14 - Test Automation using RobotFramework Libraries – Stojan PeshovHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association24.5K views39 slides

Slideshows for you(20)

Test automation using seleniumTest automation using selenium
Test automation using selenium
Tờ Rang644 views
Introduction to Robot Framework (external)Introduction to Robot Framework (external)
Introduction to Robot Framework (external)
Zhe Li1.7K views
Securing Docker ContainersSecuring Docker Containers
Securing Docker Containers
Black Duck by Synopsys5.9K views
Integration Group - Robot Framework Integration Group - Robot Framework
Integration Group - Robot Framework
OpenDaylight2.4K views
Robot frameworkRobot framework
Robot framework
boriau5K views
JavaCro'14 - Test Automation using RobotFramework Libraries – Stojan PeshovJavaCro'14 - Test Automation using RobotFramework Libraries – Stojan Peshov
JavaCro'14 - Test Automation using RobotFramework Libraries – Stojan Peshov
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association24.5K views
SonarqubeSonarqube
Sonarqube
Kalkey198 views
Robot Framework IntroductionRobot Framework Introduction
Robot Framework Introduction
Pekka Klärck225.1K views
Integrating Black Duck into Your Environment with Hub APIsIntegrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIs
Black Duck by Synopsys4.8K views
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
Gene Gotimer328 views
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Christian Schneider1.5K views
Robot Framework : Lord of the Rings By Asheesh MRobot Framework : Lord of the Rings By Asheesh M
Robot Framework : Lord of the Rings By Asheesh M
Agile Testing Alliance929 views
Fortify dev ops (002)Fortify dev ops (002)
Fortify dev ops (002)
Madhavan Marimuthu502 views
Introduction to Robot Framework – ExoveIntroduction to Robot Framework – Exove
Introduction to Robot Framework – Exove
Exove819 views
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys816 views
Robotframework Presentation - Pinoy Python Meetup 2011January12Robotframework Presentation - Pinoy Python Meetup 2011January12
Robotframework Presentation - Pinoy Python Meetup 2011January12
Franz Allan See2.5K views
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qube
Hayi Nukman1.2K views
CNIT 124 Ch10-12: Local Exploits through Bypassing AVCNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
Sam Bowne1.1K views
Robot Framework :: Demo login applicationRobot Framework :: Demo login application
Robot Framework :: Demo login application
Somkiat Puisungnoen5.5K views
Automated Infrastructure TestingAutomated Infrastructure Testing
Automated Infrastructure Testing
Ranjib Dey7.7K views

Viewers also liked

use case point estimationuse case point estimation
use case point estimationعبدالغني الهجار3.4K views14 slides
Hp Fortify PillarHp Fortify Pillar
Hp Fortify PillarEd Wong2K views16 slides
[아꿈사/110514] 멀티코어cpu이야기 시작발표[아꿈사/110514] 멀티코어cpu이야기 시작발표
[아꿈사/110514] 멀티코어cpu이야기 시작발표sung ki choi4.4K views17 slides
프로그래머가 몰랐던 멀티코어 CPU 이야기 13, 14장프로그래머가 몰랐던 멀티코어 CPU 이야기 13, 14장
프로그래머가 몰랐던 멀티코어 CPU 이야기 13, 14장SukYun Yoon10.6K views49 slides
Poster Analysis Source CodePoster Analysis Source Code
Poster Analysis Source Codekirstysals296 views5 slides
Hp Fortify Cloud Application SecurityHp Fortify Cloud Application Security
Hp Fortify Cloud Application SecurityEd Wong2.2K views22 slides

Viewers also liked(9)

use case point estimationuse case point estimation
use case point estimation
عبدالغني الهجار3.4K views
Hp Fortify PillarHp Fortify Pillar
Hp Fortify Pillar
Ed Wong2K views
[아꿈사/110514] 멀티코어cpu이야기 시작발표[아꿈사/110514] 멀티코어cpu이야기 시작발표
[아꿈사/110514] 멀티코어cpu이야기 시작발표
sung ki choi4.4K views
프로그래머가 몰랐던 멀티코어 CPU 이야기 13, 14장프로그래머가 몰랐던 멀티코어 CPU 이야기 13, 14장
프로그래머가 몰랐던 멀티코어 CPU 이야기 13, 14장
SukYun Yoon10.6K views
Poster Analysis Source CodePoster Analysis Source Code
Poster Analysis Source Code
kirstysals296 views
Hp Fortify Cloud Application SecurityHp Fortify Cloud Application Security
Hp Fortify Cloud Application Security
Ed Wong2.2K views
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Ahmed Al Enizi2.2K views
Ensure Software Security already during developmentEnsure Software Security already during development
Ensure Software Security already during development
IT Weekend1.5K views
시즌 2: 멀티쓰레드 프로그래밍이 왜이리 힘드나요?시즌 2: 멀티쓰레드 프로그래밍이 왜이리 힘드나요?
시즌 2: 멀티쓰레드 프로그래밍이 왜이리 힘드나요?
내훈 정33.6K views

Similar to Source Code Scanners

FRAUD DETECTION IN ONLINE AUCTIONINGFRAUD DETECTION IN ONLINE AUCTIONING
FRAUD DETECTION IN ONLINE AUCTIONINGSatish Chandra11K views66 slides
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and TechniquesBala Subra2.1K views59 slides
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra3.9K views59 slides
Dot Net CoreDot Net Core
Dot Net CoreAmir Barylko2.3K views53 slides
Joomla Code Quality Control and Automation TestingJoomla Code Quality Control and Automation Testing
Joomla Code Quality Control and Automation TestingShyam Sunder Verma992 views42 slides
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointIvanti535 views32 slides

Similar to Source Code Scanners(20)

FRAUD DETECTION IN ONLINE AUCTIONINGFRAUD DETECTION IN ONLINE AUCTIONING
FRAUD DETECTION IN ONLINE AUCTIONING
Satish Chandra11K views
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
Bala Subra2.1K views
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
Bala Subra3.9K views
Dot Net CoreDot Net Core
Dot Net Core
Amir Barylko2.3K views
Joomla Code Quality Control and Automation TestingJoomla Code Quality Control and Automation Testing
Joomla Code Quality Control and Automation Testing
Shyam Sunder Verma992 views
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the Endpoint
Ivanti535 views
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp Philly
Brian Lyttle376 views
Непрерывное тестирование для улучшения качества кодаНепрерывное тестирование для улучшения качества кода
Непрерывное тестирование для улучшения качества кода
SQALab984 views
Performance Analysis of Idle ProgramsPerformance Analysis of Idle Programs
Performance Analysis of Idle Programs
greenwop1.2K views
Native client (Евгений Эльцин)Native client (Евгений Эльцин)
Native client (Евгений Эльцин)
Ontico3.7K views
Real-Time Communication Testing Evolution with WebRTCReal-Time Communication Testing Evolution with WebRTC
Real-Time Communication Testing Evolution with WebRTC
Alexandre Gouaillard1.3K views
Code Review with SonarCode Review with Sonar
Code Review with Sonar
Max Kleiner874 views
Intro dotnetIntro dotnet
Intro dotnet
OpenSource Technologies Pvt. Ltd.965 views
DevToolsDevTools
DevTools
boucher761 views
Unit Testing in JavaScriptUnit Testing in JavaScript
Unit Testing in JavaScript
Rob Scaduto543 views
EMBA Firmware analysis - TROOPERS22EMBA Firmware analysis - TROOPERS22
EMBA Firmware analysis - TROOPERS22
MichaelM8504290 views
Network Security Open Source Software Developer CertificationNetwork Security Open Source Software Developer Certification
Network Security Open Source Software Developer Certification
Vskills381 views
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It PosesEnterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Alex Senkevitch91 views
How to double .net code valueHow to double .net code value
How to double .net code value
javOnet669 views
we45 DEFCON Workshop - Building AppSec Automation with Pythonwe45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Python
Abhay Bhargav1.1K views

More from Pawel Krawczyk

Top DevOps Security FailuresTop DevOps Security Failures
Top DevOps Security FailuresPawel Krawczyk825 views52 slides
Authenticity and usabilityAuthenticity and usability
Authenticity and usabilityPawel Krawczyk65 views12 slides
Reading Geek Night 2019Reading Geek Night 2019
Reading Geek Night 2019Pawel Krawczyk602 views46 slides
Effective DevSecOpsEffective DevSecOps
Effective DevSecOpsPawel Krawczyk379 views55 slides
Unicode the hero or villain Unicode the hero or villain
Unicode the hero or villain Pawel Krawczyk443 views82 slides
Get rid of TLS certificates - using IPSec for large scale cloud protectionGet rid of TLS certificates - using IPSec for large scale cloud protection
Get rid of TLS certificates - using IPSec for large scale cloud protectionPawel Krawczyk124 views54 slides

More from Pawel Krawczyk(20)

Top DevOps Security FailuresTop DevOps Security Failures
Top DevOps Security Failures
Pawel Krawczyk825 views
Authenticity and usabilityAuthenticity and usability
Authenticity and usability
Pawel Krawczyk65 views
Reading Geek Night 2019Reading Geek Night 2019
Reading Geek Night 2019
Pawel Krawczyk602 views
Effective DevSecOpsEffective DevSecOps
Effective DevSecOps
Pawel Krawczyk379 views
Unicode the hero or villain Unicode the hero or villain
Unicode the hero or villain
Pawel Krawczyk443 views
Get rid of TLS certificates - using IPSec for large scale cloud protectionGet rid of TLS certificates - using IPSec for large scale cloud protection
Get rid of TLS certificates - using IPSec for large scale cloud protection
Pawel Krawczyk124 views
Presentation from CyberGov.pl 2015 Presentation from CyberGov.pl 2015
Presentation from CyberGov.pl 2015
Pawel Krawczyk824 views
Łukasz Lenart "How secure your web framework is? Based on Apache Struts 2"Łukasz Lenart "How secure your web framework is? Based on Apache Struts 2"
Łukasz Lenart "How secure your web framework is? Based on Apache Struts 2"
Pawel Krawczyk1.2K views
Leszek Miś "Czy twoj WAF to potrafi"Leszek Miś "Czy twoj WAF to potrafi"
Leszek Miś "Czy twoj WAF to potrafi"
Pawel Krawczyk1.4K views
Paweł Krawczyk - Ekonomia bezpieczeństwaPaweł Krawczyk - Ekonomia bezpieczeństwa
Paweł Krawczyk - Ekonomia bezpieczeństwa
Pawel Krawczyk903 views
Are electronic signature assumptions realisticAre electronic signature assumptions realistic
Are electronic signature assumptions realistic
Pawel Krawczyk415 views
Dlaczego przejmować się bezpieczeństwem aplikacji (pol)Dlaczego przejmować się bezpieczeństwem aplikacji (pol)
Dlaczego przejmować się bezpieczeństwem aplikacji (pol)
Pawel Krawczyk656 views
Filtrowanie sieci - PanoptykonFiltrowanie sieci - Panoptykon
Filtrowanie sieci - Panoptykon
Pawel Krawczyk1.3K views
Pragmatic view on Electronic Signature directive 1999 93Pragmatic view on Electronic Signature directive 1999 93
Pragmatic view on Electronic Signature directive 1999 93
Pawel Krawczyk789 views
Why care about application securityWhy care about application security
Why care about application security
Pawel Krawczyk893 views
Krawczyk Ekonomia Bezpieczenstwa 2Krawczyk Ekonomia Bezpieczenstwa 2
Krawczyk Ekonomia Bezpieczenstwa 2
Pawel Krawczyk435 views
Audyt Wewnetrzny W Zakresie BezpieczenstwaAudyt Wewnetrzny W Zakresie Bezpieczenstwa
Audyt Wewnetrzny W Zakresie Bezpieczenstwa
Pawel Krawczyk2.3K views
Kryptografia i mechanizmy bezpieczenstwaKryptografia i mechanizmy bezpieczenstwa
Kryptografia i mechanizmy bezpieczenstwa
Pawel Krawczyk3.5K views
Zaufanie W Systemach InformatycznychZaufanie W Systemach Informatycznych
Zaufanie W Systemach Informatycznych
Pawel Krawczyk1.6K views
Real Life Information SecurityReal Life Information Security
Real Life Information Security
Pawel Krawczyk533 views

Recently uploaded

OpenFOAM benchmark for EPYC server: cavity mediumOpenFOAM benchmark for EPYC server: cavity medium
OpenFOAM benchmark for EPYC server: cavity mediumtakuyayamamoto180031 views31 slides
Welcome and State of Apache CloudStack CommunityWelcome and State of Apache CloudStack Community
Welcome and State of Apache CloudStack CommunityShapeBlue149 views12 slides
NoSQL Database Migration Masterclass - Session 2: The Anatomy of a MigrationNoSQL Database Migration Masterclass - Session 2: The Anatomy of a Migration
NoSQL Database Migration Masterclass - Session 2: The Anatomy of a MigrationScyllaDB31 views25 slides
GDSC23 - Info Session GDSC KIET (1).pptxGDSC23 - Info Session GDSC KIET (1).pptx
GDSC23 - Info Session GDSC KIET (1).pptxSnehaAggarwal40119 views20 slides
Deploying CloudStack with CephDeploying CloudStack with Ceph
Deploying CloudStack with CephShapeBlue108 views8 slides
Carrom Pool Mod APK.docxCarrom Pool Mod APK.docx
Carrom Pool Mod APK.docxRayJ1215 views6 slides

Recently uploaded(20)

OpenFOAM benchmark for EPYC server: cavity mediumOpenFOAM benchmark for EPYC server: cavity medium
OpenFOAM benchmark for EPYC server: cavity medium
takuyayamamoto180031 views
Welcome and State of Apache CloudStack CommunityWelcome and State of Apache CloudStack Community
Welcome and State of Apache CloudStack Community
ShapeBlue149 views
NoSQL Database Migration Masterclass - Session 2: The Anatomy of a MigrationNoSQL Database Migration Masterclass - Session 2: The Anatomy of a Migration
NoSQL Database Migration Masterclass - Session 2: The Anatomy of a Migration
ScyllaDB31 views
GDSC23 - Info Session GDSC KIET (1).pptxGDSC23 - Info Session GDSC KIET (1).pptx
GDSC23 - Info Session GDSC KIET (1).pptx
SnehaAggarwal40119 views
Deploying CloudStack with CephDeploying CloudStack with Ceph
Deploying CloudStack with Ceph
ShapeBlue108 views
Carrom Pool Mod APK.docxCarrom Pool Mod APK.docx
Carrom Pool Mod APK.docx
RayJ1215 views
AI and ML Series - Generative Extraction and Classification of Documents in S...AI and ML Series - Generative Extraction and Classification of Documents in S...
AI and ML Series - Generative Extraction and Classification of Documents in S...
DianaGray1067 views
Future of Virtual realityFuture of Virtual reality
Future of Virtual reality
mdpavel413 views
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
William Caban45 views
dvss.pptdvss.ppt
dvss.ppt
SaikrishnaCheruvu1354 views
A new era of Wi-Fi has arrivedA new era of Wi-Fi has arrived
A new era of Wi-Fi has arrived
Adtran67 views
An Introduction To Using ChatGPT For BusinessAn Introduction To Using ChatGPT For Business
An Introduction To Using ChatGPT For Business
Paul Nguyen56 views
What's Coming in CloudStack 4.19What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19
ShapeBlue122 views
GDSC SRMCEM Info Session 2023GDSC SRMCEM Info Session 2023
GDSC SRMCEM Info Session 2023
HariOM Dwivedi56 views
#11 DataWeave Extension Library using Visual Studio Code#11 DataWeave Extension Library using Visual Studio Code
#11 DataWeave Extension Library using Visual Studio Code
AnoopRamachandran1379 views
GDSC_Info_Session_KITTiptur.pptxGDSC_Info_Session_KITTiptur.pptx
GDSC_Info_Session_KITTiptur.pptx
RadhikaNA38 views
Diogo Monteiro- KAMK Certificate - Demola Global Project 2023.pdfDiogo Monteiro- KAMK Certificate - Demola Global Project 2023.pdf
Diogo Monteiro- KAMK Certificate - Demola Global Project 2023.pdf
DiogoMonteiro78696022 views
Mitigating Common CloudStack Instance Deployment FailuresMitigating Common CloudStack Instance Deployment Failures
Mitigating Common CloudStack Instance Deployment Failures
ShapeBlue109 views
Common - Concerns Around OpenAI.pptxCommon - Concerns Around OpenAI.pptx
Common - Concerns Around OpenAI.pptx
Alok Ranjan51 views
Doorsvision-The-Future-of-Smart-Communities gama adj.pdfDoorsvision-The-Future-of-Smart-Communities gama adj.pdf
Doorsvision-The-Future-of-Smart-Communities gama adj.pdf
Mustafa Kuğu84 views

Source Code Scanners

  1. Source code analysis tools Paweł Krawczyk

  2. „ Static analysis is great for catching common errors early ” Brian Chess (Fortify)

  4. Why find bugs early? Applied Software Measurement , Capers Jones, 1996 Building Security Into The Software Life Cycle , Marco M. Morana, 2006 Early code audit

  5. Why find bugs early? Applied Software Measurement , Capers Jones, 1996 Building Security Into The Software Life Cycle , Marco M. Morana, 2006 Pentest Late code audit

  12. Running Yasca

  13. Running Yasca

  15. Yasca reporting

  17. OWASP Code Crawler

  20. Results

  22. Microsoft FxCop

  24. Results

  25. Microsoft CAT.NET

  28. Results

  30.