What is Static Code Analysis? | AppSec 101

  • Published 10 Jul 2024
  • In Episode 1 of our AppSec 101 series, we sit down with Jimmy Rabon, Product Manager at Micro Focus Fortify, to learn the basics of Static Code Analysis (Static Application Security Testing, or SAST). Jimmy addresses the following common questions:
    - What is Static Code Analysis?
    - What are the results of Static Code Analysis?
    - What are dependencies?
    - What is the difference between SAST and DAST?
    - Why is Static Code Analysis so important for developers?
    00:00 Intro
    00:59 Presenter background
    03:17 Static analysis
    04:50 Weaknesses & vulnerabilities
    08:34 SAST vs DAST
    LEARN MORE about Fortify: www.microfocus.com/en-us/solu...
    LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: software.microfocus.com/en-us...
    LEARN MORE about how Fortify received the highest score in the Gartner Critical Capabilities for Application Security Testing report for the Enterprise use case AND the Mobile and Client use case: www.microfocus.com/en-us/asse...
    SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged
    CONNECT with the Fortify Online Community: community.microfocus.com/t5/F...
    - Connect with peers and share your knowledge
    - Find solutions and answers to your technical questions
    - Stay informed on new releases and product enhancements
    - Access downloads, demos, videos and support tips
  • Science & Technology

COMMENTS • 12

  • @brentjenkins6235 4 years ago +1

    Awesome video with great explanations. Look forward to the upcoming series!

    • @FortifyUnplugged 4 years ago +2

      Thanks! We're trying to add some AppSec intro material to go along with our more technical content.

  • @domaincontroller 3 years ago +9

    00:59 my background 03:17 Static analysis 04:50 weaknesses, vulnerabilities 08:34 SAST, DAST

    • @FortifyUnplugged 2 years ago

      Sorry for the late reply, but thanks for your helpful comment.

  • @SamiEltamawy 3 years ago

    Great video guys! Very informative and comprehensive explanation and comparison.

    • @FortifyUnplugged 2 years ago

      We appreciate the feedback and glad you found it informative!

  • @roboedar 1 year ago

    Very great explanation. Thank you.

  • @rabella183 4 years ago +2

    Excellent video. Will you be having Hans Enders to provide an overview of WebInspect?

    • @FortifyUnplugged 3 years ago +1

      He doesn't know it yet, but that's a great idea.

  • @amjad.6244 3 years ago

    Thank you, Sir, for this video.
    Can you show me the difference between a compiler and Static Code Analysis?

    • @FortifyUnplugged 2 years ago

      Compilers and Static Code Analyzers have a lot in common. In fact, Fortify SCA internally leverages open source compilers in the first stage of the analysis for several languages (e.g. Java, Kotlin). The key difference is what happens after the initial parsing and resolution stages. Compilers would then proceed to output binary or byte-code, whereas Static Code Analyzers will run multiple analysis algorithms on the data to find security vulnerabilities. Compilers may be doing some quality checking as part of their process (e.g. warning for unused variables or similar bad practices), but they don't do the type of security analysis that static analysis tools do.
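To make the compiler-versus-analyzer distinction in the reply above concrete, here is an added toy illustration (it is not Fortify's code and not how Fortify SCA is implemented): Python's own parser does the shared front-end work, after which `compile()` simply emits bytecode, while a small taint pass walks the same syntax tree looking for user input that reaches a command-execution sink. The sample programs, the `SOURCES`/`SINKS` lists and the restriction to straight-line module code are constructed assumptions for this example.

```python
import ast

# Constructed sample (assumption): user input is concatenated into a shell command.
SAMPLE = '''
import os
name = input("host: ")
cmd = "ping " + name
os.system(cmd)
'''
CLEAN = '''
import os
name = "localhost"
os.system("ping " + name)
'''
SOURCES = {"input"}                    # calls that return attacker-controlled data
SINKS = {"os.system", "eval", "exec"}  # calls that must never receive such data

def _callee(node):
    """Dotted name of a called function, e.g. 'os.system' (empty if unknown)."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return ""

def _tainted(expr, tainted):
    """True if the expression reads a tainted variable or calls a source."""
    return any((isinstance(n, ast.Name) and n.id in tainted) or
               (isinstance(n, ast.Call) and _callee(n) in SOURCES)
               for n in ast.walk(expr))

def compiler_accepts(source):
    """Where a compiler stops: parse, then emit bytecode with no security checks."""
    return compile(source, "<sample>", "exec") is not None

def find_taint_flows(source):
    """Same parse as the compiler, then a forward taint pass over straight-line code.
    Returns (line, sink) pairs where tainted data reaches a sink."""
    tree = ast.parse(source)
    tainted, findings = set(), []
    for stmt in tree.body:
        if isinstance(stmt, ast.Assign):
            names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            # propagate taint on assignment; a clean reassignment kills it
            tainted = tainted | names if _tainted(stmt.value, tainted) else tainted - names
        for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
            if _callee(call) in SINKS and any(_tainted(a, tainted) for a in call.args):
                findings.append((call.lineno, _callee(call)))
    return findings
```

Both programs compile without complaint; only the analysis pass reports that `SAMPLE` sends `input()` data to `os.system` on line 5, while `CLEAN` yields no finding.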