BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:bf7f0dbc-017c-43e1-8b58-e79615680d08
DTSTAMP:20260528T200950Z
SUMMARY:Applying Pysa to Identify Python Security Vulnerabilities
DESCRIPTION:The Product Security teams at Facebook make extensive use of st
 atic analysis to find security vulnerabilities. We use systems like Zoncol
 an and the open source Python Static Analyzer (Pysa) on a daily basis. Usi
 ng static analysis helped us find more than 1100 security bugs in 2018\, a
 ccounting for more than a third of the bugs found by the application secur
 ity team in that timeframe.\n\nIn this tutorial\, we’ll cover the basics
  of static analysis\, how to set up Pysa\, and how you can write and run r
 ules to identify vulnerabilities in your own codebase. We’ll also cover 
 how Pysa deals with false positives and discuss its limitations as a tool.
  Each new concept you learn will immediately be reinforced by a practical 
 exercise.\n\nAttendees should leave this tutorial with all the tools they 
 need to start applying static analysis to their Python projects at work an
 d in open source.\nA computer with Python\, Pip\, and Git is required for 
 this workshop. Attendees will need to pip install pyre-check and set up a 
 small sample project.\n\nSpeaker(s): Graham Bleaney\n\nLocation: Appsec Vl
 g\n\nDiscord: https://discord.com/channels/708208267699945503/732733026982
 690876\n\nEvent starts: 2020-08-07 11:00 (11:00 AM) PDT (UTC -07:00)\n\nEv
 ent ends: 2020-08-07 13:00 (01:00 PM) PDT (UTC -07:00)\n\nFor the most up-
 to-date information\, please either visit https://info.defcon.org\, or use
  HackerTracker\, which is available for iOS and Android. This is an automa
 ted message\, and this data was last modified 2020-07-29T02:19 (UTC).
URL:https://forum.defcon.org/node/234038
DTSTART:20200807T190000Z
DTEND:20200807T210001Z
LOCATION:Appsec Vlg
END:VEVENT
END:VCALENDAR