Description
Presented by: Tony Torralba
When adding analysis support for a new language in a SAST tool, the best way to verify that it works properly is to run it on real projects and find real vulnerabilities. This talk covers how Tony and his team did just that for the Kotlin language in GitHub code scanning, and how the team uncovered vulnerabilities in five popular open source Android projects. Tony explains the details of each vulnerability, how the team modeled each one as a CodeQL query, and how the team helped the maintainers fix the issues.