Deep Static Analysis Everywhere:
Transferring the lessons learned from safety and security critical software to other software domains
How static analysis has traditionally been used for Java/.NET software: the importance of precision rather than coverage, because absolute quality and security were not fundamental.
How things are changing with cybersecurity issues (examples of SQL injection, etc.) and how analyzers are specialized in finding security vulnerabilities, with a focus on how a semantic analyzer is able to find complex vulnerabilities not found by simpler syntactic ones (maybe a discussion of false positives vs. false negatives, too?).
What changes with the diffusion of IoT: previously isolated (embedded) software is connected to the outside world and to enterprise applications; the importance of guaranteeing the invulnerability of all software layers to protect the whole ecosystem. Comparison of different analyzers, indications for how to evaluate them, and benchmarking (presentation of the independent OWASP benchmark results for comparing static analysis tools). In which phases of the software development lifecycle static analysis can or should be used to guarantee security. SQL injection in the IoT context, with examples in a brief demo of the Julia Static Analyzer.
(Duration: approx. 45min)