Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
The past handful of years I’ve been really interested in static analysis but not from the traditional appsec program perspective of shifting left and catching bugs before they get merged. Instead I use it for code exploration, vulnerability discovery, and variant analysis. I want to share a bit about how I use these tools because truthfully, I think it helps to get more value out of them and selfishly, I want the vendors to invest more into supporting these use cases.