Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Thursday, September 12 • 11:30am - 12:15pm
OWASP Find Security Bugs: The community static code analyzer

The Web application development lifecycle has numerous security activities. For developers, code review is a familiar recurring activity. To support Java developers, a project called "Find Security Bugs" (FSB) was started in 2012. It is an extension of the SpotBugs project, formerly known as FindBugs. FSB is a community static analysis tool that targets specific vulnerability classes. Over the years FSB has evolved from a tool with limited coverage to one with a solid catalogue of security bug patterns. It is now used in many large corporations to support automation.

In this presentation, you will learn about its high-level internals and heuristics, and about its integration into developers' IDEs and continuous integration environments.
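
As an added illustration of the continuous integration side (written for this page, not material from the talk), the following Maven fragment runs SpotBugs with the Find Security Bugs detectors loaded and restricts build-breaking findings to the SECURITY category, which is the category FSB's bug patterns report under. It follows the Maven integration pattern the project documents; the plugin version numbers and the filter file name are assumptions and should be replaced with current releases.

```xml
<!-- pom.xml fragment (added example, not from the talk): run SpotBugs with the
     Find Security Bugs detectors during `mvn verify`. Version numbers are assumptions. -->
<build>
  <plugins>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>3.1.12</version>
      <configuration>
        <effort>Max</effort>        <!-- deeper data-flow analysis; slower build -->
        <threshold>Low</threshold>  <!-- report low-confidence findings too; triage them in review -->
        <failOnError>true</failOnError>
        <!-- only findings matched by this filter break the build (file name is an assumption) -->
        <includeFilterFile>${project.basedir}/spotbugs-security-include.xml</includeFilterFile>
        <plugins>
          <!-- load the Find Security Bugs detectors into SpotBugs -->
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <version>1.10.1</version>
          </plugin>
        </plugins>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal>  <!-- bound to the verify phase by default; fails on matched bugs -->
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

<!-- spotbugs-security-include.xml: keep only the SECURITY category, i.e. the FSB patterns,
     so ordinary SpotBugs correctness findings do not fail the security gate -->
<FindBugsFilter>
  <Match>
    <Bug category="SECURITY"/>
  </Match>
</FindBugsFilter>
```

With this in place, `mvn verify` fails the build on any FSB finding; a later `spotbugs:gui` invocation or the generated `spotbugsXml.xml` report gives the per-finding details needed for triage. The same plugin jar is what the SpotBugs IDE integrations load, so the detector set developers see in the editor and the set enforced in CI stay identical.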

A selection of vulnerabilities found by the tool in popular applications, including Spring and Struts, will be explained. For each of these vulnerabilities, we will review the description of the affected component, the issue reported by the tool, how to analyze the report and an overview of the potential risks. Along the way you will learn a few tips on increasing your efficiency with the tool.

After walking through these real-world vulnerabilities, we will conclude with lessons learned from maintaining this open-source project for close to 8 years, including the successes but also the failures of its development initiatives.

Philippe Arteau

Security Researcher, GoSecure
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool Find Security Bugs...

Thursday September 12, 2019 11:30am - 12:15pm EDT
Lincoln 2