Explore a critical evaluation of Static Application Security Testing (SAST) tools in this 24-minute Black Hat conference talk. Delve into the challenges of assessing and benchmarking SAST tools, focusing on their ability to deliver relevant results and identify promised vulnerabilities. Learn about synthetic test suites and vulnerabilities as evaluation methods. Examine practical applications and real-world examples to gain insights into the effectiveness of SAST tools in detecting Common Vulnerabilities and Exposures (CVEs). Presented by Kevin Backhouse and Bas van Schaik, this talk provides valuable information for security professionals and developers looking to make informed decisions about SAST tool selection and implementation.
Overview
Syllabus
Intro
Synthetic test suites
Synthetic vulnerabilities
In practice
Outro
Taught by
Black Hat
Related Courses
-
Managing Certificates and TLS Endpoints
-
Proactive Network Security Through Vulnerability Management - Gary Miliefsky - Hack in Paris
-
CVE Behind the Scenes - The Complexity of Being Simple
-
Hiding in the Familiar - Steganography & Vulnerabilities in Pop Archives Formats
-
The Irrelevance of K-Bytes Detection - Building a Robust Pipeline for Malicious Documents
