SonarQube and Static Application Security Testing
SonarQube’s Code Security for Developers
SonarQube’s Security Vulnerabilities & Hotspots overview
5-minute Demo of SonarQube in Action!
Summary & wrap up
Application security comes from making sure that untrusted data is sanitized before it reaches critical system parts (database, file system, OS, etc.).
This is sometimes called taint analysis: the ability to track untrusted user input through the execution flow, from the point where it enters the program (the 'source') to the code location where the compromise occurs (the 'sink'), and to recognize when a sanitizer on that path has neutralized it.
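To make the source-to-sink idea concrete, here is a small added example of a taint tracker over Python's own `ast` module. It is illustration code written for this page, not SonarQube's engine: the source, sanitizer and sink lists (`request.args.get`, `sanitize`, `cursor.execute`, ...) are hypothetical choices, and it only handles straight-line assignments, string concatenation and f-strings, which is enough to show how a flow is reported and how a sanitizer call breaks it.

```python
import ast

# Hypothetical configuration: which calls introduce untrusted data, which
# calls neutralize it, and which calls are dangerous to reach with it.
SOURCES = {"input", "request.args.get"}
SANITIZERS = {"sanitize", "int"}
SINKS = {"cursor.execute", "os.system"}


def call_name(node):
    """Rebuild the dotted name of a call, e.g. 'request.args.get'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None  # calls through subscripts/lambdas etc. are not modelled


def is_tainted(expr, tainted):
    """True if the expression carries tainted data that no sanitizer cleaned."""
    if isinstance(expr, ast.Call):
        name = call_name(expr)
        if name in SOURCES:
            return True          # fresh untrusted input
        if name in SANITIZERS:
            return False         # sanitizer breaks the flow
        return any(is_tainted(a, tainted) for a in expr.args)
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.BinOp):  # string concatenation with '+'
        return is_tainted(expr.left, tainted) or is_tainted(expr.right, tainted)
    if isinstance(expr, ast.JoinedStr):  # f-string interpolation
        return any(is_tainted(v.value, tainted)
                   for v in expr.values if isinstance(v, ast.FormattedValue))
    return False


class TaintVisitor(ast.NodeVisitor):
    """Walk statements in order, propagating taint through variables."""

    def __init__(self):
        self.tainted = set()
        self.findings = []

    def visit_Assign(self, node):
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if is_tainted(node.value, self.tainted):
            self.tainted.update(names)       # variable now carries taint
        else:
            self.tainted.difference_update(names)  # reassigned with clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        name = call_name(node)
        if name in SINKS and any(is_tainted(a, self.tainted) for a in node.args):
            self.findings.append((node.lineno, name))  # source reached a sink
        self.generic_visit(node)


def find_taint_flows(source_code):
    """Return (line, sink) pairs where untrusted data reaches a sink unsanitized."""
    visitor = TaintVisitor()
    visitor.visit(ast.parse(source_code))
    return visitor.findings


# Constructed sample program: one sanitized query and two tainted flows.
SAMPLE = '''
user = request.args.get("user")
safe = sanitize(user)
cursor.execute("SELECT * FROM users WHERE name = '" + user + "'")
cursor.execute("SELECT * FROM users WHERE name = %s", (safe,))
cursor.execute(f"DELETE FROM sessions WHERE owner = {user}")
'''

if __name__ == "__main__":
    for line, sink in find_taint_flows(SAMPLE):
        print(f"line {line}: untrusted input reaches sink {sink}")
```

Running it reports the concatenated query on line 4 and the f-string on line 6 of the sample, while the call that uses the sanitized value is silent. A real analyzer such as SonarQube's additionally follows data across function calls, containers and control-flow branches; this toy keeps the same three roles (source, sanitizer, sink) so the report format is recognizable.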