[Owasp-leaders] This is how we have to show security vulnerabilities to developers (in real time as they are created)
dinis.cruz at owasp.org
Thu Jun 21 22:03:40 UTC 2012
I posted a PoC today that represents my vision for O2 and what I have been
trying to do for the past 5 years.
You can see the video at Real-time Vulnerability Creation Feedback inside
VisualStudio (with Greens and
every time the user makes a change to the code there is an auto-compilation
(using Roslyn <http://msdn.microsoft.com/roslyn>'s C# compiler) and a SAST
scan (using Cat.NET <http://www.reddit.com/r/CatNet/>)
What I like the most about this is that I now get to think about *'the
best workflow to present developers the security guidance they need'.*
Although this PoC is quite aggressive (I do a compilation and scan on every
keystroke which is a bit OTT), here is another video that shows a bigger
compilation+scan on save: Real-Time C# Solution Compilation and Security
Scanning (using Roslyn and
What do you think?