
Ochaun Marshall -- IaC and SAST
The Application Security Podcast
00:00
SAST in a Security Programme?
SAST is nowhere in a security programme. If it takes in excess of ten minutes and thousands of dollars per each scan, that's not OK. You should be able to look at the code and see certain consistent patterns like, hey, we're taking user input, and then somewhere down the line we're concatenating it into something that we query in the database. Now, you may think I'm talking about SQL, but there are plenty of other injection flaws where that is. That exact pattern shouldn't be present, and it should be easily discoverable by looking at the code. Talking about IaC...