Finding security issues in open source

Комментарий Программного комитета:

Если не думать о безопасности своих приложений, в какой-то момент может стать поздно. Александр расскажет, какие инструменты можно использовать в ходе разработки, чтобы уменьшить количество уязвимостей, которые попадают даже в сборку на тестовую среду.

This talk will focus on security from the point of view of software testers, not security experts. It will focus on tools and areas of testing which are often forgotten and could lead to security vulnerabilities. All of this is nicely peppered with examples from the open source world, some of them coming from Red Hat's own backyard.

Alex will cover tools like bandit, Coverity, npm audit and a few more with detailed examples of open source projects that he is working on.

This talk is suitable for everyone, testers and developers alike.