Participants of this tutorial will gain a solid foundation in software analysis, with a strong emphasis on security. We will explore the significance of security research in software development and consider various resources and tools to discover vulnerabilities.

To illustrate these concepts, we’ll perform static analysis with Bandit on a vulnerable Python library as a case study. Additionally, we’ll understand different approaches and techniques to security-oriented analysis. Participants will gain essential knowledge to identify vulnerabilities, find potential targets for analysis, and apply research methodology.

This tutorial will cover

• Introduction to security research
• Automated software analysis - SAST vs DAST
• Research methodologies and resources
• Basics of static code analysis
• Practical examples using vulnerable software to test acquired skills

Key takeaways

• Basic concepts related to vulnerability research
• Software analysis fundamentals
• Security analysis tools