Security Weekly Podcast Network (Audio)

Code Scanning That Works With Your Code - Scott Norberg - ASW #317

Feb 11, 2025

Scott Norberg, a web security specialist with nearly 20 years of experience using Microsoft technologies, shares his journey of developing a custom code scanner to tackle .NET vulnerabilities. He discusses the shortcomings of existing code scanning tools and the complexity of maintaining secure code. The conversation highlights the importance of accurate vulnerability detection, training developers, and fostering a positive security culture. Norberg also explores challenges in cloud security and the need for transparency in data privacy practices.

01:12:52

Creator website

Episode guests

Scott Norberg

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Effective code scanning is critical for identifying vulnerabilities, but many existing tools fail to detect issues, necessitating customized solutions.

Building a culture of security awareness within development teams dramatically improves the consistent application of secure coding practices across various projects.

The integration of AI in code scanning can enhance vulnerability detection, but expert guidance remains essential for effective implementation and oversight.

Deep dives

The Importance of Secure Coding Practices

Secure coding practices are essential for preventing vulnerabilities in applications. Developers are encouraged to prioritize security by using secure defaults, supporting passkeys, and targeting specific vulnerability classes. Building a culture of security awareness within development teams is vital to ensuring that secure coding principles are understood and applied consistently. Encouraging developers to write secure code and integrate security measures into their workflows can significantly reduce the risk of exposing applications to attacks.

Intro

5min

Navigating Code Scanning Challenges

28min

Evaluating Code Scanning Tools and Best Practices in Application Security

7min

Navigating Vulnerabilities in Cloud Security

6min

Understanding Collective Cybersecurity Responsibility

14min

Data Privacy Challenges and Security Concerns

10min

Exploring Threat Modeling and Vulnerabilities with a Fun Emoji Twist

4min

Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier.

Segment Resources:

-https://github.com/ScottNorberg-NCG/CodeSheriff.NET

Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek's iOS app, academics and industry looking to standardize principles and practices for memory safety, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-317

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Weekly Podcast Network (Audio)

Code Scanning That Works With Your Code - Scott Norberg - ASW #317

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Secure Coding Practices

The Role of Code Scanning Tools

Challenges in Application Security Scaling

Adopting a Developer-Centric Approach

Artificial Intelligence and Applications Security

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Security Weekly Podcast Network (Audio)

Code Scanning That Works With Your Code - Scott Norberg - ASW #317

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Secure Coding Practices

The Role of Code Scanning Tools

Challenges in Application Security Scaling

Adopting a Developer-Centric Approach

Artificial Intelligence and Applications Security

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights