The Product Security teams at Facebook make extensive use of static analysis to find security vulnerabilities. We use systems like Zoncolan and the open source Python Static Analyzer (Pysa) on a daily basis. Using static analysis helped us find more than 1100 security bugs in 2018, accounting for more than a third of the bugs found by the application security team in that timeframe.
In this tutorial, we’ll cover the basics of static analysis, how to set up Pysa, and how you can write and run rules to identify vulnerabilities in your own codebase. We’ll also cover how Pysa deals with false positives and discuss its limitations as a tool. Each new concept you learn will immediately be reinforced by a practical exercise.
Attendees should leave this tutorial with all the tools they need to start applying static analysis to their Python projects at work and in open source.
A computer with Python, Pip, and Git is required for this workshop. Attendees will need to pip install pyre-check and set up a small sample project.
Speaker(s): Graham Bleaney
Location: Appsec Vlg
Discord: https://discord.com/channels/7082082...33026982690876
Event starts: 2020-08-07 11:00 (11:00 AM) PDT (UTC -07:00)
Event ends: 2020-08-07 13:00 (01:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T02:19 (UTC).
