Static Code Analysis - A Behind-the-scenes Look • Arno Haase • GOTO 2022

This presentation was recorded at GOTO Amsterdam 2022. #GOTOcon #GOTOams
http://gotoams.nl

Arno Haase - Principal Engineer at Contrast Security

ABSTRACT
There is a wide range of tools that analyze program code and give feedback on it: linters, IDE inspections, and scanners that find bugs, check coding style or find vulnerabilities.
This session takes a technical look behind the scenes, exploring how these tools work and what challenges they face. Besides being fun to dive into, this may even help in understanding the strengths and limitations of specific tools [...]

TIMECODES
00:00 Intro
01:03 File & text utilities
01:48 Challenge: Cross referencing
02:33 Abstract syntax tree
03:47 Which identifier refers to what?
05:33 Explicit support for all language features
06:26 Byte code
07:15 Which is the better choice?
08:35 Tracking flows
10:15 Assignment
11:00 Propagators
12:18 Conditional flows
14:24 Combinatorial explosion
16:08 Merging
16:53 Combinatorial explosion - Revisited
17:34 Merging - Limitations
18:37 Loops
20:15 Impossible to be precise
20:44 Function calls
21:40 Recursion
22:26 Virtual method calls
24:05 Call graph
26:33 Flow sensitivity
27:48 Aliasing
29:57 Framework / Library knowledge
31:58 Identifying unique findings
33:38 Quality of results
34:49 Levels of sophistication
35:58 Summary
37:10 Outro
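The timecodes above name the building blocks of a flow-based analyzer (abstract syntax tree, assignment, propagators, conditional flows, merging, loops, flow sensitivity, unique findings) without showing any of them. The following toy is an added example, not code from the talk or from Contrast Security: it is a flow-sensitive, intraprocedural taint tracker over Python's own `ast` module. The source, sink and sanitizer names (`input`, `os.system`, `eval`, `shlex.quote`) and the sample program are assumptions chosen for the demonstration.

```python
"""Toy flow-sensitive taint analysis over Python's AST (added example).

Source, sink and sanitizer names below are assumptions for this demo.
"""
import ast

SOURCES = {"input"}                # assumed: returns attacker-controlled data
SINKS = {"os.system", "eval"}      # assumed: dangerous to call with tainted data
SANITIZERS = {"shlex.quote"}       # assumed: result is safe for the sinks above


def call_name(call):
    """Dotted name of a call target ('os.system', 'eval'), or None."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def is_tainted(expr, tainted):
    """Propagator rules: does evaluating `expr` yield tainted data?"""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = call_name(expr)
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False
        # a method called on a tainted receiver (user.upper()) keeps the taint
        if isinstance(expr.func, ast.Attribute) and is_tainted(expr.func.value, tainted):
            return True
        return any(is_tainted(a, tainted) for a in expr.args)
    if isinstance(expr, ast.BinOp):          # "ls " + user, "%s" % user
        return is_tainted(expr.left, tainted) or is_tainted(expr.right, tainted)
    if isinstance(expr, ast.JoinedStr):      # f"ls {user}"
        return any(is_tainted(v.value, tainted)
                   for v in expr.values if isinstance(v, ast.FormattedValue))
    return False                             # literals and anything unmodelled


def check_sinks(node, tainted, findings):
    """Record each sink call under `node` that receives a tainted argument."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call) and call_name(sub) in SINKS:
            if any(is_tainted(a, tainted) for a in sub.args):
                findings.add((sub.lineno, call_name(sub)))  # set: loop re-visits dedupe


def analyze_block(stmts, tainted, findings):
    """Walk statements in order; return the tainted-variable set at block exit."""
    tainted = set(tainted)
    for stmt in stmts:
        if isinstance(stmt, ast.Assign):
            check_sinks(stmt.value, tainted, findings)
            flag = is_tainted(stmt.value, tainted)
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    if flag:
                        tainted.add(target.id)
                    else:
                        tainted.discard(target.id)  # flow-sensitive: clean overwrite
        elif isinstance(stmt, ast.If):
            check_sinks(stmt.test, tainted, findings)
            then_exit = analyze_block(stmt.body, tainted, findings)
            else_exit = analyze_block(stmt.orelse, tainted, findings)
            tainted = then_exit | else_exit  # merge: one set, not one state per path
        elif isinstance(stmt, (ast.For, ast.While)):
            head = stmt.iter if isinstance(stmt, ast.For) else stmt.test
            check_sinks(head, tainted, findings)
            if isinstance(stmt, ast.For) and isinstance(stmt.target, ast.Name) \
                    and is_tainted(stmt.iter, tainted):
                tainted.add(stmt.target.id)
            while True:  # fixpoint: re-run the body until the set stops growing
                merged = tainted | analyze_block(stmt.body, tainted, findings)
                if merged == tainted:
                    break
                tainted = merged
        else:
            check_sinks(stmt, tainted, findings)
    return tainted


def analyze(source):
    """Return sorted (line, sink) pairs where tainted data reaches a sink."""
    findings = set()
    analyze_block(ast.parse(source).body, set(), findings)
    return sorted(findings)


# Constructed sample program; the line comments refer to its own line numbers.
SAMPLE = '''\
import os, shlex
user = input()                          # line 2: source
cmd = "ls " + user                      # line 3: concatenation propagates taint
if user.startswith("-"):
    cmd = "ls"                          # line 5: overwritten with a clean literal
else:
    cmd = "ls " + shlex.quote(user)     # line 7: sanitized
os.system(cmd)                          # line 8: clean on both paths, no finding
msg = "hi"
for part in range(3):
    os.system(msg)                      # line 11: clean in pass 1, tainted after
    msg = msg + user                    # line 12: taint flows back around the loop
eval(input())                           # line 13: source straight into sink
'''

if __name__ == "__main__":
    for line, sink in analyze(SAMPLE):
        print(f"line {line}: tainted data reaches {sink}")
```

Two of the talk's trade-offs are visible here. Merging the two branches of the `if` into a single set keeps the state small instead of one state per path, which is what avoids the combinatorial explosion, at the cost of precision when taint is path-dependent. The loop is handled by iterating to a fixpoint rather than unrolling: on the first pass `os.system(msg)` is clean, and only the second pass, after `msg` has picked up taint, reports line 11. Everything beyond this (calls, recursion, virtual dispatch, aliasing, framework knowledge) is deliberately out of scope for the toy.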

Download slides and read the full abstract here:
https://gotoams.nl/2022/sessions/2016

RECOMMENDED BOOKS
Gerardus Blokdyk • Static Code Analysis Strategy A Complete Guide • https://amzn.to/3pyZZFl
Eric Miller • Static Code Analysis for Security • https://amzn.to/3dNBj9G
William Shotts • The Linux Command Line • https://amzn.to/3kpLbrl
Blum & Bresnahan • Linux Command Line and Shell Scripting Bible • https://amzn.to/3kn4j9s

#Serverless #Security #StaticCodeAnalysis #CodeAnalysis #Programming #Commandline #CommandlineTools #Identifier #ByteCode #FlowSensitivity

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
Sign up for updates and specials at https://gotopia.tech/newsletter

SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConf...
