How to scale software quality and security using the open source tool Semgrep

Info

Start: 2023-10-14 09:00
End: 2023-10-14 18:00
Location: Lothstraße 64, 80335 München

Abstract

The software security industry is shifting left. Traditional security tools have failed to address the challenges of modern engineering teams as they often are too slow, overwhelm users with false positives, and do not provide sufficient remediation help. As a result, they do not ultimately raise a company’s security bar.

This workshop focuses on hands-on exercises, supported by research results, to teach participants how to use Semgrep while taking a different approach to security, called paved road or secure defaults.

Pieter De Cremer

Pieter De Cremer (@0xDC0DE) is a Senior Security Researcher at Semgrep, a startup working on open source static analysis tools that fit the modern developer workflow. Previously Pieter obtained his PhD doing research for the company Secure Code Warrior in cooperation with Ghent University. Pieter designed, implemented, and evaluated improvements to both training and tools provided by this company. Pieter hosts a YouTube channel where he creates Semgrep tutorials as well as other security research content (https://www.youtube.com/@0xDC0DE) and has previously spoken at conferences such as OWASP, BruCON, BSides, and DEF CON. In his spare time, Pieter enjoys hitting the security conference circuit to engage with other enthusiasts around the world, his afternoon coffee ritual, and a few rounds of Apex Legends.