Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Choosing the Right Static Code Analyzers Based on Hard Data

OWASP Foundation via YouTube

Overview

Explore the world of static code analysis in this 40-minute OWASP Foundation conference talk. Learn about different types of static analyzers, their benefits for improving code quality and security, and how to choose the right tools based on empirical data. Discover the Kampar project, which aims to provide comprehensive information about software analyzers. Delve into key considerations such as process integration, analyzer requirements, speed, scalability, and reporting capabilities. Examine the limitations of static analyzers in terms of weakness coverage and result quality. Gain insights into future challenges and opportunities for contributing to the field of static code analysis.

Syllabus

About the speaker
Outline of today's talk
What is this static analysis
What types of issues can static analysis find?
Using analyzers improves code quality & security
Build Kampar into a source of information about software analyzers, beginning with static tools
Basic information
Process integration
When & where will the analyzer run?
What inputs does the analyzer require?
Speed & scalability
Reporting
3. Coverage
Static analyzers have limited weakness coverage
5. Results quality
Challenges ahead
Make a contribution

Taught by

OWASP Foundation

Reviews

Start your review of Choosing the Right Static Code Analyzers Based on Hard Data

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.