SecAppDev 2023 Faculty
Security research manager, Semgrep
Claudio is a veteran security expert. After completing his Master in Computer Engineering at the Politecnico di Milano University, he started a now more than 15 years long journey in the security space. Security consultant first, then moving through different roles, from sales engineering to security research and product engineering. He fell in love with static source code analysis early on and spent most of his career working with, and on, the leading solutions. He’s now leading the security research team at Semgrep, and trying to make the world a safer place, one rule at a time.
Don't miss out on SecAppDev!Subscribe to the mailing list
Secure defaults: developer-friendly security
Monday June 12th, 14:00 - 15:30
We will go over the vision for secure defaults, and then discuss how we can improve processes, training and tools to support this approach. The advice in this session is backed by my research.
Key takeaway: Security is no longer just the responsibility of the expert. Security training and tools should be adapted to fit a developer audience
How to scale software quality and security using the open source tool Semgrep
Friday June 16th, 09:00 - 17:30
The software security industry is shifting left. Traditional security tools have failed to address the challenges of modern engineering teams as they often are too slow, overwhelm users with false positives, and do not provide sufficient remediation help. As a result, they do not ultimately raise a company’s security bar.
In this workshop we will focus on hands-on exercises, supported by research results to teach participants how to use Semgrep by taking a different approach to security, called paved road or secure defaults.
Learning goal: Why the current approach to software security is not working. How to automate code review to free up your time for higher impact work. Best practices in rolling out continuous code scanning, and how to write custom Semgrep rules.