We have been trying to put together an event on static code analysis for ages, so naturally we jumped at the opportunity when Lars approached us. The only question was how to find a matching speaker for slot number two. Discussing the setup with Lars, we soon realized we needed no second speaker: Lars had material for more than one event on his own. This is going to be an epic evening!
The goal of the session is to give the participants enough knowledge to determine which kind of tool is best suited to their own projects. We will end the evening with a hands-on workshop where the theory from the talks is put into practice.
Tonight's sponsor is ÅF - once again we will meet at their great office at Grafiska vägen 2.
17:30 Food and drink
18:00 Introduction and welcome
18:10 What is static code analysis (SCA)? Pros and Cons.
The difference between pattern matching and advanced code analysis.
18:40 Compare results from different SCA tools on the same target
19:20 SCA and web frameworks
19:50 The refrigerators open and cool beverages are served. Those with practical ambitions bring forth their laptops.
20:00 Workshop: Install and run an SCA Eclipse plugin: OWASP LAPSE+
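To make the 18:10 item concrete, the distinction between pattern matching and deeper code analysis can be shown on a few lines of code. The following is an added example written for this page; it is not code from the event, from LAPSE+ or from any other tool discussed. It runs a grep-style scanner and a small flow-sensitive taint tracker over a constructed Python sample. The choice of source (anything read from a Flask-style request object), sink (cursor.execute) and sanitizer (int) is an assumption made for the sample.

```python
import ast
import re

# Constructed sample target (not from the page): three handlers that call
# cursor.execute with string concatenation. Only the first is actually injectable.
SAMPLE_SOURCE = '''\
from flask import request

def lookup(cursor):
    uid = request.args["id"]
    query = "SELECT * FROM users WHERE id = " + uid
    cursor.execute(query)

def constant_query(cursor):
    table = "users"
    cursor.execute("SELECT * FROM " + table)

def sanitized(cursor):
    uid = int(request.args["id"])
    cursor.execute("SELECT * FROM users WHERE id = " + str(uid))
'''

# Assumed model for the sample: where attacker data enters, what neutralises it,
# and which call must never receive it.
SOURCES = {"request"}
SANITIZERS = {"int"}
SINK_METHODS = {"execute"}


def pattern_scan(source):
    """Line-oriented pattern matching: flag every line that calls execute() and
    contains a '+'. It knows nothing about where the concatenated data came from."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if re.search(r"\.execute\(.*\+", line):
            hits.append(lineno)
    return hits


def _root_name(node):
    """Base identifier of a chain such as request.args["id"], or None."""
    while isinstance(node, (ast.Attribute, ast.Subscript)):
        node = node.value
    return node.id if isinstance(node, ast.Name) else None


def _is_tainted(node, tainted):
    """Does this expression carry source data, given the currently tainted names?"""
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, (ast.Attribute, ast.Subscript)):
        root = _root_name(node)
        return root in SOURCES or root in tainted
    if isinstance(node, ast.BinOp):
        return _is_tainted(node.left, tainted) or _is_tainted(node.right, tainted)
    if isinstance(node, ast.Call):
        if isinstance(node.func, ast.Name) and node.func.id in SANITIZERS:
            return False                     # sanitizer cuts the flow
        return any(_is_tainted(a, tainted) for a in node.args)   # str(x) etc. propagate
    if isinstance(node, ast.JoinedStr):
        return any(_is_tainted(v.value, tainted)
                   for v in node.values if isinstance(v, ast.FormattedValue))
    return False


def taint_scan(source):
    """Flow-sensitive taint tracking per function: a finding is a sink call whose
    argument is reachable from a source without passing a sanitizer.
    Simplification: only straight-line statements in the function body are walked."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in func.body:
            if isinstance(stmt, ast.Assign):
                names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if _is_tainted(stmt.value, tainted):
                    tainted |= names
                else:
                    tainted -= names         # clean reassignment kills the taint
            elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
                call = stmt.value
                if isinstance(call.func, ast.Attribute) and call.func.attr in SINK_METHODS:
                    if any(_is_tainted(a, tainted) for a in call.args):
                        findings.append(call.lineno)
    return sorted(findings)


if __name__ == "__main__":
    print("pattern matching flags lines:", pattern_scan(SAMPLE_SOURCE))
    print("taint analysis flags lines:  ", taint_scan(SAMPLE_SOURCE))
```

On the sample, the pattern scanner reports the two harmless handlers (a constant table name and an int-sanitized id) and misses the real injection because the tainted string is built on one line and executed on another; the taint tracker reports only the real one. The same trade-off, with far more sophistication on both sides, is what separates the tools compared at 18:40.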
Who is Lars Andrén?
I am a software engineer by education and work, currently working at the security startup Keypasco in Gothenburg. Three intense years of my life were spent developing the SCA tool "CodeSecure" at the company Armorize in Taipei, Taiwan ROC. Most of my time was spent on the core analyzer, which doesn't make me a bona fide security expert, but does give me a unique insight into the workings of SCA tools. When I don't scan source code I paint Warhammer models that I less and less frequently have time to play with.
Preparations for the workshop
Download and install Eclipse Helios
Download and install OWASP LAPSE+
LAPSE+ can be found here: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/lapse-plus/LapsePlus_2.8.1.jar
Just copy the jar into the plugins folder of your Eclipse installation (restart Eclipse if it is already running).