A few weeks ago we hosted our first DEF CON workshop. We’re grateful we had the opportunity to share some of our work with a packed room, and we learned a lot from the experience.
We realize many people didn’t have the chance to attend DEF CON, so we’re sharing the workshop content here as well.
While some of the large-scale infrastructure was created for the workshop and has since been turned off, you should be able to follow the slides and run most of the exercises. And if you want to keep going beyond the guided instructions, let us know and we’ll give you access to our beta platform, where you can continue to hack away.
Here’s the agenda presented at the workshop so you can get an idea of the content:
What is program analysis?
Current tools available to analyze source
Writing your first program analysis
Writing a program analysis that actually looks for something interesting
Complex analysis and refining the analysis true positive / false positive
A few notes about the exercises:
Ignore the VM instructions if you’re using a Mac — the VM was specifically for Linux and Windows users during the workshop
If you need additional help, email us at firstname.lastname@example.org
We really enjoyed the workshop, but don’t worry, we had lots of fun outside the workshop, too.