Keeping It SAST-y

Track: Security
Abstract
SAST, SCA, DAST, IAST, RASP? What is the meaning of all these security tools and what do they mean to developers? With the threat to application security ever increasing, it is more important than ever to understand how to leverage tooling effectively to be your trusty sidekick in the battle against cybercrime. In this session, we’ll dive into static application security testing (SAST), static analysis concepts, and the strategies behind it. We’ll also discuss how to take advantage of tools to painlessly improve code security.
Theresa Mammarella
Theresa’s current role is as a developer advocate at Sonatype. She is a software engineer and open source contributor especially focused on JVM- and compiler-related projects.
Eddie Knight
Eddie Knight is a Software and Cloud Engineer with a background in banking technology. His current role on Sonatype's Developer Relations team lets him combine his passion with his job duties, as he focuses on developing secure open source software, including contributing to OpenSSF and CNCF and serving as a maintainer for the Compliant Financial Services project in FINOS. When he isn’t working or caring for his newborn son, Eddie enjoys woodworking and creative writing.