DevSecOps creates more effective security by moving the traditional gate earlier in the pipeline instead of leaving it at the end, where it is too late to fix security issues effectively. Static code analysis is the best way to move security as far left as possible, using both early-detection checkers for common issues such as tainted data and secure-by-design coding patterns that harden the code against today's common attacks. However, static analysis has a reputation for being noisy and causing extra work. We will explore tips and tricks to make sure your static analysis is delivering security...
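To make the "tainted data" checker idea concrete, here is an added example (not code from the talk or from Parasoft) of a minimal source-to-sink taint checker written over Python's `ast` module. It treats `input()` as a taint source, `os.system` and `cursor.execute` as sinks, and `shlex.quote` / `int` as sanitizers; the two sample programs it scans are constructed for this example. The vulnerable snippet is flagged, while the hardened one (sanitized shell argument, parameterized query) produces no findings, which is the secure-by-design pattern the abstract refers to.

```python
import ast

# Constructed policy: where attacker-controlled data enters, where it must not
# reach unchanged, and which calls neutralize it.
SOURCES = {"input"}
SINKS = {"system": "os.system", "execute": "cursor.execute"}
SANITIZERS = {"quote", "int"}


class TaintChecker(ast.NodeVisitor):
    """Flow-insensitive, intra-procedural taint propagation over assignments."""

    def __init__(self):
        self.tainted = set()   # variable names currently holding tainted data
        self.findings = []     # (line number, sink name)

    def _is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            f = node.func
            fname = f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)
            if fname in SANITIZERS:
                return False          # sanitizer output is considered clean
            if fname in SOURCES:
                return True           # fresh taint enters here
            if isinstance(f, ast.Attribute) and self._is_tainted(f.value):
                return True           # method call on a tainted value, e.g. name.strip()
            return any(self._is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):   # string concatenation carries taint
            return self._is_tainted(node.left) or self._is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):   # f-strings carry taint too
            return any(self._is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        return False

    def visit_Assign(self, node):
        taint = self._is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                (self.tainted.add if taint else self.tainted.discard)(target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        f = node.func
        # Only the command/query string (first argument) is a dangerous position;
        # a tainted value passed as a bound parameter is fine.
        if isinstance(f, ast.Attribute) and f.attr in SINKS:
            if node.args and self._is_tainted(node.args[0]):
                self.findings.append((node.lineno, SINKS[f.attr]))
        self.generic_visit(node)


def check(source: str):
    """Return [(line, sink)] for every tainted value reaching a sink."""
    checker = TaintChecker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample programs (not real application code).
VULNERABLE = '''
import os, shlex
name = input("user: ")
os.system("id " + name)
cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
'''

HARDENED = '''
import os, shlex
name = input("user: ")
safe = shlex.quote(name)
os.system("id " + safe)
cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, check(src))
```

A real checker adds inter-procedural propagation and many more sources, sinks and sanitizers, but the shape is the same: a small policy table plus a traversal, which is why such checks are cheap enough to run on every commit rather than at the end of the pipeline.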
Arthur Hicken
Parasoft
Arthur Hicken is an Evangelist for Parasoft and has been involved in automating various practices at Parasoft for over 20 years. He has worked on various projects involving the software development lifecycle, software security, complex web applications, and integration with legacy systems. Arthur Hicken has over 27 years' experience in software development and application security. Also known as the "Code Curmudgeon", Arthur is an industry advocate for secure coding based on static analysis and participates in industry standards with UL 2900, NIST, CWE, and CERT. He also maintains the popular internet lists "SQL Injection Hall-of-Shame" and "IoT Hall-of-Shame".