Code Scanning That Works With Your Code - Scott Norberg - ASW #317
Summary: This episode covers the problems Scott Norberg ran into with existing code scanning tools and why he built his own .NET vulnerability scanner. It also discusses the challenges of testing scanning tools, how to invest engineering time wisely, and the advantages of building on the .NET compiler.

Feb 11, 2025

Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to create a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.
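To make the grep-versus-compiler point concrete, here is an added example that is not code from the episode or from CodeSheriff.NET: a minimal regex-based scanner run over a constructed C# snippet. The rule names, patterns and the sample source are all assumptions made for this illustration. It flags three obvious mistakes on single lines, and then shows the kind of finding a line-oriented regex cannot make: a SqlCommand built from a variable whose contents came from user input, which requires the data-flow view a compiler-backed analyzer has.

```python
"""
Added example (not the episode's or CodeSheriff.NET's code): a minimal
grep-style scanner that applies a few regular expressions to C# source, to
show what pattern matching catches cheaply and what it misses.  The rule
names, patterns and sample source below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed C# sample.  Lines marked "// BAD" are obvious mistakes a regex
# can catch.  The "// MISSED" line builds the SqlCommand from a variable that
# was concatenated from user input two lines earlier; a line-oriented regex
# cannot connect the two.
SAMPLE_CS = """\
using System.Data.SqlClient;
using System.Web.Mvc;

public class AccountController : Controller
{
    [ValidateInput(false)]                                                        // BAD: request validation disabled
    public ActionResult Search(string q)
    {
        var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = '" + q + "'"); // BAD: SQL built by concatenation
        Response.Write(Request.QueryString["q"]);                                  // BAD: request data reflected as-is
        var sql = "SELECT * FROM Orders WHERE Id = " + q;                          // taint: q flows into sql
        var cmd2 = new SqlCommand(sql);                                            // MISSED: regex sees only a variable name
        return View();
    }
}
"""

@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    text: str

# Hypothetical rule names, chosen for this example only.
RULES = [
    ("validate-input-disabled", re.compile(r"\[ValidateInput\(\s*false\s*\)\]")),
    ("sql-string-concat", re.compile(r'new\s+SqlCommand\s*\(\s*"[^"]*"\s*\+')),
    ("reflected-request-output", re.compile(r"Response\.Write\(\s*Request\.")),
]

def scan(source: str) -> list[Finding]:
    """Run every rule over every line; return findings in line order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(lineno, name, line.strip()))
    return findings

def missed_sql_commands(source: str, findings: list[Finding]) -> list[int]:
    """Lines that construct a SqlCommand from a bare identifier and that no rule
    flagged.  This is the gap: the regex can see `new SqlCommand(sql)` but not
    whether `sql` was built from user input.  Following that assignment back
    is data-flow analysis, which is what a compiler-backed scanner provides."""
    flagged = {f.line for f in findings}
    unflagged = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if re.search(r"new\s+SqlCommand\s*\(\s*[A-Za-z_]\w*\s*\)", line) and lineno not in flagged:
            unflagged.append(lineno)
    return unflagged

if __name__ == "__main__":
    found = scan(SAMPLE_CS)
    for f in found:
        print(f"line {f.line}: {f.rule}: {f.text}")
    for lineno in missed_sql_commands(SAMPLE_CS, found):
        print(f"line {lineno}: SqlCommand built from a variable; a regex cannot tell where its value came from")
```

Running the script reports the three single-line findings and then line 12, where the query is built from `sql` rather than a literal. Extending the regex to match any `new SqlCommand(<identifier>)` would catch that line but also flag every parameterized query built in a variable, which is the false-positive trade-off that pushes scanners toward the compiler's syntax tree and semantic model instead of text patterns.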

Segment Resources:

-https://github.com/ScottNorberg-NCG/CodeSheriff.NET

Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek's iOS app, academics and industry looking to standardize principles and practices for memory safety, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-317


Source: http://sites.libsyn.com/18678/code-scanning-that-works-with-your-code-scott-norberg-asw-317