OWASP Atlanta is a local meetup that uses the framework from the Open Web Application Security Project, a well-known tool of security practitioners. The group has presentations about web and mobile development security.

Upcoming OWASP Atlanta Meetings

Events - OWASP Atlanta

  • OWASP Atlanta

    Discussion:

    We will be discussing a program analysis tool we’re developing called Semgrep. It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed Semgrep while at Facebook. He’s now full time with us at r2c.

    Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis we’ve written and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.

    For example, find subprocess calls with shell=True in Python using the query:
    subprocess.Popen(..., shell=True)
    This will even find snippets like:
    import subprocess as s
    s.Popen(f'rm {args}', shell=True)

    Or find hardcoded credentials using the query:
    boto3.client(..., aws_secret_access_key="...", aws_access_key_id="...")

    Source code: https://github.com/re...
    Test in your browser: https://semgrep.dev/...

    Speaker Bio:

    Sabrina Brogren is a software engineer at r2c, the company that maintains Semgrep, an open-source syntax-aware code search tool. She recently received her M.S.E. in Computer Science from University of Michigan, while being a TA for the Computer Security course. Her passion for security brought her to r2c, where she does full-stack development on the semgrep.dev web app. In her free time, she spends way too much time doing puzzles, running, and trying new recipes (because what else is there to do in quarantine?).

    Atlanta, USA

    Thursday, January 21 at 6:30 PM

    https://www.meetup.com/OWASP-Atlanta/events/275309969/
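The abstract's point that a semantic query still matches a call made through `import subprocess as s` is what separates it from a text grep. The sketch below is an added illustration built on Python's `ast` module, not Semgrep's code or its algorithm: it resolves import aliases for `subprocess.Popen` and flags calls that pass the literal keyword `shell=True`. The function name `find_shell_true` and the sample source are constructed for this example, and aliases are collected file-wide without tracking scope.

```python
import ast

# Constructed sample: two risky calls via aliases, two calls that must not match.
SAMPLE = '''
import subprocess as s
from subprocess import Popen as P
import os

def cleanup(args):
    s.Popen(f"rm {args}", shell=True)
    s.Popen(["ls", "-l"])
    P("date", shell=True)
    os.popen("uptime")
'''

def find_shell_true(source, module="subprocess", func="Popen"):
    """Return sorted line numbers of module.func(..., shell=True) calls,
    resolving `import module as x` and `from module import func as y`."""
    tree = ast.parse(source)
    module_aliases, func_aliases = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == module:
                    module_aliases.add(a.asname or a.name)
        elif isinstance(node, ast.ImportFrom) and node.module == module:
            for a in node.names:
                if a.name == func:
                    func_aliases.add(a.asname or a.name)
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        is_target = (
            (isinstance(f, ast.Attribute) and f.attr == func
             and isinstance(f.value, ast.Name) and f.value.id in module_aliases)
            or (isinstance(f, ast.Name) and f.id in func_aliases)
        )
        # Like `...` in the query: other arguments are ignored, only the
        # literal keyword shell=True is required.
        shell_true = any(
            k.arg == "shell" and isinstance(k.value, ast.Constant)
            and k.value.value is True
            for k in node.keywords
        )
        if is_target and shell_true:
            hits.append(node.lineno)
    return sorted(hits)

if __name__ == "__main__":
    print(find_shell_true(SAMPLE))
```

A plain-text search for `subprocess.Popen(` finds nothing in this sample, while the alias-aware walk reports both risky calls and skips the list-argument call and `os.popen`.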