[Owasp-leaders] This is how we have to show security vulnerabilities to developers (in real time as they are created)

Dinis Cruz dinis.cruz at owasp.org
Thu Jun 21 22:03:40 UTC 2012


I posted a PoC today that represents my vision for O2 and what I have been
trying to do for the past 5 years.

You can see the video at Real-time Vulnerability Creation Feedback inside
VisualStudio (with Greens and Reds)
<http://diniscruz.blogspot.co.uk/2012/06/real-time-vulnerability-creation.html>
where every time the user makes a change to the code there is an auto-compilation
(using Roslyn <http://msdn.microsoft.com/roslyn>'s C# compiler) and a SAST
scan (using Cat.NET <http://www.reddit.com/r/CatNet/>)

What I like the most about this is that I now get to think about *'the
best workflow to present developers the security guidance they need'.*

Although this PoC is quite aggressive (I do a compilation and scan on every
keystroke which is a bit OTT), here is another video that shows a bigger
compilation+scan on save: Real-Time C# Solution Compilation and Security
Scanning (using Roslyn and Cat.NET)
<http://diniscruz.blogspot.co.uk/2012/06/real-time-c-solution-compilation-and.html>


What do you think?

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2