Static Analysis, Testing, and Auditing for High-Level Programming Languages

This DevSecCon conference talk explores innovative methods for detecting vulnerabilities in large codebases through Static Analysis Testing (SAT) and auditing techniques for high-level programming languages. Learn how these essential security practices detect vulnerabilities, enforce coding standards, and ensure compliance before code execution. Discover the implementation of variant analysis—a powerful technique that uses known security vulnerabilities as starting points to identify similar issues across codebases. With modern development environments increasingly adopting rapid release cycles, understand why incorporating security testing early in the software development lifecycle (SDLC) is crucial for proactive risk mitigation. The 49-minute presentation provides security engineers with practical approaches to identify potential vulnerabilities and ensure comprehensive remediation across multiple codebases.