Code Scanning That Works With Your Code - Scott Norberg - ASW #317

Feb 11, 2025 · 1 hr 13 min

Episode description

Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.

Segment Resources:

- https://github.com/ScottNorberg-NCG/CodeSheriff.NET

Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek's iOS app, academics and industry looking to standardize principles and practices for memory safety, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-317

Podcast: Application Security Weekly (Audio)