[Owasp-leaders] This is how we have to show security vulnerabilities to developers (in real time as they are created)

Rogan Dawes rogan at dawes.za.net
Fri Jun 22 05:01:18 UTC 2012


On 22/06/2012 00:03, Dinis Cruz wrote:
> I posted a PoC today that represents my vision for O2 and what I have
> been trying to do for the past 5 years.
>
> You can see the video at Real-time Vulnerability Creation Feedback
> inside VisualStudio (with Greens and Reds)
> <http://diniscruz.blogspot.co.uk/2012/06/real-time-vulnerability-creation.html> where
> every time the user makes a change to the code there is an
> auto-compilation (using Roslyn <http://msdn.microsoft.com/roslyn>'s C#
> compiler) and a SAST scan (using Cat.NET <http://www.reddit.com/r/CatNet/>)
>
> What I like the most about this, is that I now get to think about /'the
> best workflow to present developers the security guidance they need'./
>
> Although this PoC is quite aggressive (I do a compilation and scan on
> every keystroke which is a bit OTT), here is another video that shows a
> bigger compilation+scan on save: Real-Time C# Solution Compilation and
> Security Scanning (using Roslyn and Cat.NET)
> <http://diniscruz.blogspot.co.uk/2012/06/real-time-c-solution-compilation-and.html>
>
>
> What do you think?
>
> Dinis Cruz

VERY cool, Dinis! Wow! I think that would be a great help for developers.

Rogan
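The edit-triggered compile-and-scan loop described in the quoted post, as an added example that is not part of this thread or of O2, Roslyn or Cat.NET: a Python model in which every keystroke only updates a pending buffer, a debounce timer decides when the stand-in "compiler" (a brace/parenthesis balance check) and a small line-based taint scanner actually run, and the outcome is a per-line green/red verdict that an editor could paint into the gutter. The C# snippet, the `FeedbackLoop`, `analyze` and `scan_source` names, and the rule that string parameters are sources and `SqlCommand` text is the sink are all constructed for this example.

```python
"""Toy edit -> compile -> SAST feedback loop (added example, not O2/Cat.NET/Roslyn code).

The "compiler" only checks brace/paren balance and the "scanner" follows string
method parameters into SQL command sinks, so everything runs offline.
"""
import re
from dataclasses import dataclass, field

# Constructed C# sample: a concatenated query (should go red) and a parameterised one (green).
SAMPLE_SOURCE = "\n".join([
    "public class UserRepo",
    "{",
    "    public void Find(string name, SqlConnection conn)",
    "    {",
    "        string query = \"SELECT * FROM Users WHERE Name = '\" + name + \"'\";",
    "        var cmd = new SqlCommand(query, conn);",
    "        var safe = new SqlCommand(\"SELECT * FROM Users WHERE Name = @name\", conn);",
    "        safe.Parameters.AddWithValue(\"@name\", name);",
    "    }",
    "}",
])

STRING_LITERAL_RE = re.compile(r'"(?:[^"\\]|\\.)*"')
METHOD_SIG_RE = re.compile(r"\b\w+\s+\w+\s*\(([^)]*)\)\s*$")          # "void Find(string name, ...)"
ASSIGN_RE = re.compile(r"^\s*(?:[\w<>\[\]]+\s+)?(\w+)\s*=\s*(.+);\s*$")  # "[type] lhs = rhs;"
SINK_RES = [  # hypothetical sink rules; first constructor argument is the command text
    ("SqlCommand constructor", re.compile(r"new\s+SqlCommand\s*\(\s*([^,)]+)")),
    ("CommandText assignment", re.compile(r"\.CommandText\s*=\s*([^;]+)")),
]


@dataclass
class Finding:
    line: int
    message: str


@dataclass
class ScanResult:
    compiled: bool
    findings: list = field(default_factory=list)
    verdicts: dict = field(default_factory=dict)  # line number -> "red" / "green"


def compile_check(source):
    """Stand-in for the compiler: reject source with unbalanced braces or parentheses."""
    depth = {"{": 0, "(": 0}
    closers = {"}": "{", ")": "("}
    for ch in STRING_LITERAL_RE.sub('""', source):
        if ch in depth:
            depth[ch] += 1
        elif ch in closers:
            depth[closers[ch]] -= 1
            if depth[closers[ch]] < 0:
                return False
    return all(d == 0 for d in depth.values())


def identifiers(expr):
    """Identifiers used in an expression, ignoring anything inside string literals."""
    return set(re.findall(r"\b[A-Za-z_]\w*\b", STRING_LITERAL_RE.sub('""', expr)))


def scan_source(source):
    """Line-based taint tracking: string parameters are sources, SQL command text is the sink."""
    tainted, findings = set(), []
    for line_no, line in enumerate(source.splitlines(), start=1):
        sig = METHOD_SIG_RE.search(line)
        if sig:  # every string parameter of a method is treated as untrusted input
            for param in sig.group(1).split(","):
                parts = param.split()
                if len(parts) == 2 and parts[0] == "string":
                    tainted.add(parts[1])
            continue
        for what, sink_re in SINK_RES:
            m = sink_re.search(line)
            if m and identifiers(m.group(1)) & tainted:
                used = ", ".join(sorted(identifiers(m.group(1)) & tainted))
                findings.append(Finding(line_no, f"{what} built from untrusted input: {used}"))
        m = ASSIGN_RE.match(line)
        if m and identifiers(m.group(2)) & tainted:  # taint flows through assignments
            tainted.add(m.group(1))
    return findings


def analyze(source):
    """One compile + scan pass, producing per-line greens and reds."""
    result = ScanResult(compiled=compile_check(source))
    if not result.compiled:
        return result  # nothing to scan until the buffer compiles again
    result.findings = scan_source(source)
    red_lines = {f.line for f in result.findings}
    result.verdicts = {n: ("red" if n in red_lines else "green")
                       for n in range(1, len(source.splitlines()) + 1)}
    return result


class FeedbackLoop:
    """Buffers keystrokes and runs analyze() once the editor has been quiet for debounce_seconds."""

    def __init__(self, debounce_seconds=0.3):
        self.debounce_seconds = debounce_seconds
        self._pending, self._last_edit, self.last_result = None, 0.0, None

    def on_edit(self, source, now):
        """Called on every keystroke: remember the newest buffer, do not scan yet."""
        self._pending, self._last_edit = source, now

    def tick(self, now):
        """Called periodically by the editor; returns a ScanResult only when a scan ran."""
        if self._pending is None or now - self._last_edit < self.debounce_seconds:
            return None
        self.last_result, self._pending = analyze(self._pending), None
        return self.last_result


if __name__ == "__main__":
    res = analyze(SAMPLE_SOURCE)
    for n, src in enumerate(SAMPLE_SOURCE.splitlines(), start=1):
        print(f"{res.verdicts[n]:5} {n:2} {src}")
    for f in res.findings:
        print(f"line {f.line}: {f.message}")
```

The debounce is the piece that turns "scan on every keystroke" into something an editor can sustain: a half-typed buffer is never analysed, and only the latest buffer is scanned once typing pauses, which is the same trade-off the quoted post makes between its per-keystroke and on-save variants.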


