Beer Fondue, or how you can find vulnerabilities thanks to SonarQube! скачать в хорошем качестве

Beer Fondue, or how you can find vulnerabilities thanks to SonarQube!

Speaker: Nicolas Peru & Malte Skoruppa Recorded: 2020-12-08 SonarQube is well known by Java Developers to assess code quality. SonarSource, a Geneva-based company (the fondue !) developing and maintaining Sonarqube started two years ago to develop an analyser to detect vulnerabilities. In April 2020, SonarSource acquired RIPS, a german company based in Bochum (the beer !) specialized in security analysis, notably in PHP (but also Java, JS...) This talk will let you discover what were the techniques that both editors were using and how, by combining them and getting the best of both worlds, SonarQube is now offering you an accurate analysis to find vulnerabilities in your Java code. Nicolas is a software engineer born and raised in Grenoble with more than 15 years of experience. After a few years in a services company and enjoying briefly banking world, he joins SonarSource in 2013 and works a few years on the Java analyzer (chances are high, if you used SonarQube on Java, that you used part of his code) before starting, two years ago, to look at how static analysis can be applied to security. More recently, Nicolas is responsible to help SonarSource's development team to organize themselves to continue to deliver a high-quality product. When not behind a keyboard you can usually find him on a bike or hiking through the Jura. Twitter: @benzonico Malte has worked on web security and static analysis techniques for the better part of a decade. Before joining SonarSource with its acquisition of RIPS Technologies in 2020, he was a driving force behind the development of the Java security analysis engine at the latter company. Before that, he worked as a security researcher at CISPA, Saarland University, Germany, where he received his PhD in Computer Science with a focus on automated vulnerability detection in web applications in 2017. He is an enthusiastic software developer and now works as a static analysis engineer at SonarSource, currently focusing on combining the best ideas and concepts of both the SonarSource and RIPS worlds to further improve SonarSource's security offering. Twitter: @MalteSkoruppa Organized by: Java User Group Switzerland https://www.jug.ch/