Java User Group Switzerland
Postfach 2322 • 8033 Zürich
info@jug.ch • www.jug.ch
Nicolas is a software engineer born and raised in Grenoble with more than 15 years of experience. After a few years in a services company and enjoying briefly banking world, he joins SonarSource in 2013 and works a few years on the Java analyzer (chances are high, if you used SonarQube on Java, that you used part of his code) before starting, two years ago, to look at how static analysis can be applied to security. More recently, Nicolas is responsible to help SonarSource's development team to organize themselves to continue to deliver a high-quality product. When not behind a keyboard you can usually find him on a bike or hiking through the Jura.
Malte has worked on web security and static analysis techniques for the better part of a decade. Before joining SonarSource with its acquisition of RIPS Technologies in 2020, he was a driving force behind the development of the Java security analysis engine at the latter company. Before that, he worked as a security researcher at CISPA, Saarland University, Germany, where he received his PhD in Computer Science with a focus on automated vulnerability detection in web applications in 2017. He is an enthusiastic software developer and now works as a static analysis engineer at SonarSource, currently focusing on combining the best ideas and concepts of both the SonarSource and RIPS worlds to further improve SonarSource's security offering.
08.12.2020
Beer Fondue, or how you can find vulnerabilities thanks to SonarQube !
LOCATION: Online
KEYWORDS: Open Source, Language, Product, Technology
| AGENDA: | 18:00-19:30h: Talk incl. Q/A |
SPEAKER 1: Nicolas Peru COMPANY: SonarSource
SPEAKER 2: Malte Skoruppa COMPANY: SonarSource
SLIDES: 201208_SwissJUG_2020_Beer_Fondue.pdf
RECORDING: jug.ch YouTube-Channel
SonarQube is well known by Java Developers to assess code quality.
SonarSource, a Geneva-based company (the fondue !) developing and maintaining Sonarqube started two years ago to develop an analyser to detect vulnerabilities. In April 2020, SonarSource acquired RIPS, a german company based in Bochum (the beer !) specialized in security analysis, notably in PHP (but also Java, JS...)
This talk will let you discover what were the techniques that both editors were using and how, by combining them and getting the best of both worlds, SonarQube is now offering you an accurate analysis to find vulnerabilities in your Java code.
Due to the current situation with Covid-19, we are not currently holding any events on site. This event will be broadcast live on the Internet. You do not need to install any software or plugins, everything runs in your web browser. Registered participants will receive a link to the webinar by e-mail shortly before the event.
LANGUAGE: Talk: en / Slides: en
Nicolas is a software engineer born and raised in Grenoble with more than 15 years of experience. After a few years in a services company and enjoying briefly banking world, he joins SonarSource in 2013 and works a few years on the Java analyzer (chances are high, if you used SonarQube on Java, that you used part of his code) before starting, two years ago, to look at how static analysis can be applied to security. More recently, Nicolas is responsible to help SonarSource's development team to organize themselves to continue to deliver a high-quality product. When not behind a keyboard you can usually find him on a bike or hiking through the Jura.
Malte has worked on web security and static analysis techniques for the better part of a decade. Before joining SonarSource with its acquisition of RIPS Technologies in 2020, he was a driving force behind the development of the Java security analysis engine at the latter company. Before that, he worked as a security researcher at CISPA, Saarland University, Germany, where he received his PhD in Computer Science with a focus on automated vulnerability detection in web applications in 2017. He is an enthusiastic software developer and now works as a static analysis engineer at SonarSource, currently focusing on combining the best ideas and concepts of both the SonarSource and RIPS worlds to further improve SonarSource's security offering.
Supporting members
Platin
Gold
Silver
About
JUG Switzerland aims at promoting the application of Java technology in Switzerland.
JUG Switzerland facilitates the sharing of experience and information among its members. This is accomplished through workshops, seminars and conferences. JUG Switzerland supports and encourages the cooperation between commercial organizations and research institutions.
JUG Switzerland is funded through membership fees.
Design
Partner
