[Owasp-leaders] This is how we have to show security vulnerabilities to developers (in real time as they are created)
Ryan Barnett
ryan.barnett at owasp.org
Fri Jun 22 14:18:59 UTC 2012
Really cool idea. Sort of similar to security awareness Phishing campaigns
that will give a brief "refresher course" if a target user actually clicks
on the email links (http://phishme.com/) :) It is a great idea to leverage
these "teachable moments" effectively when you have complete attention :)
-Ryan
From: Dinis Cruz <dinis.cruz at owasp.org>
Date: Thu, 21 Jun 2012 23:03:40 +0100
To: <owasp-leaders at lists.owasp.org>
Subject: [Owasp-leaders] This is how we have to show security
vulnerabilities to developers (in real time as they are created)
> I posted a PoC today that represents my vision for O2 and what I have been
> trying to do for the past 5 years.
>
> You can see the video at Real-time Vulnerability Creation Feedback inside
> VisualStudio (with Greens and Reds)
> <http://diniscruz.blogspot.co.uk/2012/06/real-time-vulnerability-creation.html>
> where every time the user makes a change to the code there is an
> auto-compilation (using Roslyn <http://msdn.microsoft.com/roslyn>'s C#
> compiler) and a SAST scan (using Cat.NET <http://www.reddit.com/r/CatNet/>)
>
> What I like the most about this, is that I now get to think about 'the best
> workflow to present developers the security guidance they need'.
>
> Although this PoC is quite aggressive (I do a compilation and scan on every
> keystroke which is a bit OTT), here is another video that shows a bigger
> compilation+scan on save: Real-Time C# Solution Compilation and Security
> Scanning (using Roslyn and Cat.NET)
> <http://diniscruz.blogspot.co.uk/2012/06/real-time-c-solution-compilation-and.html>
>
> What do you think?
>
> Dinis Cruz
>
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2