Semgrep events

How to do Secure Code Review with Vibe Coding IDEs

July 31st, 2025
10:00 AM PT

Vibe coding IDEs like Cursor, Microsoft Copilot, and RooCode have empowered developers to ship code significantly faster.

However, if LLMs produce bugs at the same density per line of code as humans, that means more bugs are being introduced faster than ever. Initial studies show that LLMs regularly generate vulnerable code.

As security practitioners, we have a unique opportunity to speed up our work using LLMs to accelerate security reviews. LLMs can help us quickly get a high-level understanding of the code’s architecture, coding conventions, and where different pieces of functionality are implemented (e.g., authorization, file uploads, …). And with this understanding, we can focus on vulnerability identification and complete assessments faster and with more confidence.

In this webinar, we’ll do a live walkthrough of using RooCode, a free and open-source VS Code plugin, to hunt for bugs in a real open source repository.

We’ll cover:

  • Rapidly Understanding Code - How to use LLMs to quickly understand any repo’s purpose, core functionality, architecture, tech stack, and more.

  • Security Assessment Persona - How to create an LLM “persona” that can execute multi-step analyses on your behalf.

  • LLM Code Review - Best practices on having an agent perform secure code review and report its findings.

  • Validate & Reproduce Tool Findings - How to have an agent run security MCP tools, such as Semgrep, and write a proof-of-concept reproduction script.

  • Report Generation - Have an LLM write a detailed report of its findings with context, impact, reproduction steps, and more.

  • Gotchas - How to minimize challenges with this approach, and some best practices to get unstuck when things go wrong.

We’ll release all prompts and tooling used, and leave plenty of time for questions.

See you there!

Clint Gibler
Semgrep
Head of Security Research
Scott Behrens
Netflix
Principal Security Engineer