From the course: Microservices Security Workshop: From Build to Production
Static application security testing (SAST)
- [Instructor] Let's start this section by stepping back for a moment. So far, we've covered architecture, authentication, front-end concerns, and secure design patterns. Now we're finally getting to scanning. If you've been in security, you're probably surprised that we've covered so much ground and haven't yet talked about any security scanners. Well, that's because there's an overall problem within the security ecosystem, which is a reliance on scanners to do everything for us. So in this lesson, I want to demonstrate what some of the shortcomings of scanners are. Here, I'm going to run a quick Semgrep scan to just see what issues we find. So looking at some of these issues, the main thing that it finds is CORS, which we covered earlier, which is why it's not a high-priority security issue. We've got this USER command, where our Dockerfiles are running as root, which is a serious issue. And then the only code-related finding we have is that we are vulnerable to command injection, which is…
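The "container runs as root" finding mentioned above is the kind of check a SAST tool makes by reading the Dockerfile rather than running anything. The following is an added example, not code from the course or from Semgrep: a small Dockerfile instruction parser that reports, per build stage, whether the final `USER` leaves the image running as root. The two Dockerfiles are constructed inline (the vulnerable one never sets `USER`; the hardened one creates an unprivileged account and switches to it in the final stage). It assumes the base images do not themselves set a non-root `USER`, which a real scanner could only know by inspecting the image.

```python
"""Minimal SAST-style check for the 'image runs as root' finding.

Added example (not from the course): parses Dockerfile instructions and
reports which build stages would run as root. Sample Dockerfiles below are
constructed for this example.
"""
import re

# Constructed: no USER instruction, so the container runs as root.
VULNERABLE_DOCKERFILE = """\
FROM python:3.12-slim
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir -r requirements.txt
CMD ["python", "app.py"]
"""

# Constructed: build stage stays root (fine, it never ships), final stage
# creates a system account and drops to it before CMD.
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim AS build
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir \\
    -r requirements.txt

FROM python:3.12-slim
RUN groupadd --system app && useradd --system --gid app --no-create-home app
WORKDIR /app
COPY --from=build /app /app
USER app
CMD ["python", "app.py"]
"""


def parse_instructions(text):
    """Yield (INSTRUCTION, argument) pairs.

    Joins backslash line continuations and skips blank lines and comments,
    so multi-line RUN steps are seen as one logical instruction.
    """
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        logical = buf + line
        buf = ""
        parts = logical.split(None, 1)
        yield parts[0].upper(), (parts[1].strip() if len(parts) > 1 else "")
    if buf:  # trailing continuation with no following line
        parts = buf.split(None, 1)
        yield parts[0].upper(), (parts[1].strip() if len(parts) > 1 else "")


def is_root_user(arg):
    """True if a USER argument resolves to root: 'root', uid 0, 'root:grp', '0:0'."""
    user = arg.split(":", 1)[0].strip()
    return user in ("root", "0", "")


def stage_users(text):
    """Return [(stage_name, runs_as_root), ...] in Dockerfile order.

    Every FROM starts a new stage whose effective user is root until a USER
    instruction changes it (assumption: base image sets no USER of its own).
    """
    stages = []
    for instr, arg in parse_instructions(text):
        if instr == "FROM":
            m = re.search(r"\bAS\s+(\S+)", arg, re.IGNORECASE)
            name = m.group(1) if m else f"stage{len(stages)}"
            stages.append([name, True])
        elif instr == "USER" and stages:
            stages[-1][1] = is_root_user(arg)
    return [(name, root) for name, root in stages]


def stages_running_as_root(text):
    """Names of all stages whose effective user is root (useful for reporting)."""
    return [name for name, root in stage_users(text) if root]


def final_image_runs_as_root(text):
    """Only the last stage is shipped; this is the finding a scanner should raise."""
    stages = stage_users(text)
    return stages[-1][1] if stages else True


if __name__ == "__main__":
    for label, df in (("vulnerable", VULNERABLE_DOCKERFILE),
                      ("hardened", HARDENED_DOCKERFILE)):
        print(f"{label}: root stages={stages_running_as_root(df)}, "
              f"final image runs as root={final_image_runs_as_root(df)}")
```

Note that the build stage of the hardened Dockerfile still shows up as root; that is expected and harmless because nothing from its filesystem other than the copied artifacts reaches the shipped image. A scanner that flagged it anyway would be producing exactly the kind of noise the lesson is warning about, which is why the check reports the final stage separately.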
Contents
- Secure libraries for common languages (4m 5s)
- JWT crash course (4m 1s)
- Static application security testing (SAST) (3m 52s)
- Software composition analysis (SCA) (4m 28s)
- Secrets management (3m 47s)
- Infrastructure as Code (IaC) patterns (4m 23s)
- Other shift-left stuff (4m 46s)
- Challenge: Run and fix a SAST scan (33s)
- Solution: Run and fix a SAST scan (2m 53s)