How to gain value from SAST tools in SDLC: Most common findings and mitigations by Stella Varvarigou

  • Published 12 May 2023
  • Shifting security left has become an important concern for the Software Development Life Cycle. SAST tools are one way of integrating security checks into the earlier phases of development.
    In this talk, we are going to see how SAST tools add value to the development process and help teams write more secure code. SAST tools can give developers visibility into the security posture of their system and help them set specific goals.
    In addition, we are going to discuss the most common findings in our experience. Our clients come from several sectors, such as finance, banking and telecommunications. In the past year we have worked with at least 10 different developer teams from 10 different systems on a regular basis. What we do is monitor the systems in terms of SAST findings using Checkmarx, together with an assessment done with the SIG Security model. In every cycle we, as consultants, filter out the false-positive findings and help the teams prioritise the most critical ones. When needed, we propose solutions and appropriate mitigations. In this presentation all of the gained experience is going to be presented, and examples of mitigations for the most common findings will be given.
    Our goal is to give developers a perspective on how to integrate SAST tools into their daily work and use them to produce more secure software.
