Skip to content

247arjun/dc32-sast-workshop

Repository files navigation

DEFCON 32 SAST Workshop

Supercharge SAST: Semgrep Strategies for Secure Software is a meticulously designed workshop aimed at introducing participants to the world of Static Application Security Testing (SAST) through the lens of Semgrep, a cutting-edge tool that combines the simplicity of syntax with the power of complex analysis.

What You Will Learn

This workshop is structured to guide attendees from the foundational concepts of SAST and application security to the practical application of Semgrep for identifying and mitigating security risks in codebases.

Participants will:

  • Gain an understanding of SAST and its importance in the AppSec ecosystem.
  • Learn to navigate Semgrep’s rule syntax and create custom rules tailored to their specific security needs.
  • Engage in hands-on exercises to apply Semgrep on real-world code snippets and projects, enhancing their learning through practical application.
    • This repo contains the hands-on exercises for the workshop, with challenges and solutions for participants to test their Semgrep skills in Python, C# and TypeScript.
  • Explore the Semgrep Playground for testing and refining rules in an interactive environment.
  • Dive into advanced Semgrep features and techniques for a comprehensive security strategy.
  • Understand how Semgrep findings can be leveraged for LLM-based code analysis, taking code security to the next level.

Technical Level and Tools Used

This workshop is tailored for beginner to intermediate skill levels, focusing on practical, actionable insights that participants can immediately apply to their projects. The primary tool used will be Semgrep, supplemented by the Semgrep Playground for online rule testing.

Additional Resources

Semgrep Academy

Semgrep 101

Secure Coding

Semgrep Custom Rules Level 1

Secure Guardrails

Semgrep Documentation

Quick Start

Local scans with Semgrep

Writing Rules

Custom Rule Examples