11:45 - 12:45
With the ever-growing threat of data and compliance breaches, the security of web applications and APIs is business critical. The Sonar ecosystem enables developers to write Clean Code by automatically detecting code quality and security issues during development. Security issues are typically very complex, and detecting them is technically far more challenging than detecting everyday code quality issues. In this talk, we discuss the techniques used behind the scenes to automatically detect such vulnerabilities. In particular, we will present a technology known as symbolic analysis, a sophisticated type of taint analysis that can detect vulnerabilities even in complex and large applications, yet remains reasonably efficient. We will focus on vulnerabilities often found in PHP applications and talk about how to solve some of the challenges encountered in this context.
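The core idea the abstract refers to, taint analysis, tracks values from untrusted sources (request parameters) to dangerous sinks (a database query, an echoed HTML fragment) and only reports a flow when no sanitizer appropriate for that sink sits in between. The following is an added illustration, not Sonar's engine: a toy, path-insensitive taint tracker over a tiny PHP-like intermediate representation. The IR shape, the `SANITIZES` rule table and both sample programs are constructed for this example; real analyzers handle function calls, objects, arrays and far more precise path conditions, which is where the symbolic machinery mentioned in the talk comes in.

```python
"""Toy intraprocedural taint analysis over a tiny PHP-like IR (added example, not Sonar code)."""
from dataclasses import dataclass

# Statements: ("assign", var, expr)
#             ("if", cond_expr, then_block, else_block)   # cond is ignored: path-insensitive
#             ("sink", sink_kind, expr)                    # e.g. "sql" for mysqli_query, "xss" for echo
# Expressions: ("source", label), ("var", name), ("const", text),
#              ("concat", left, right), ("sanitize", sanitizer_name, inner)

# Assumed, simplified rule table: which PHP sanitizer neutralises which sink kind.
# Note that htmlspecialchars() protects an HTML sink but does nothing for a SQL sink.
SANITIZES = {
    "htmlspecialchars": {"xss"},
    "intval": {"sql", "xss"},
    "mysqli_real_escape_string": {"sql"},
}


@dataclass(frozen=True)
class Taint:
    source: str          # untrusted origin, e.g. "$_GET['id']"
    cleared: frozenset   # sink kinds this particular flow has already been sanitised for


def eval_taint(expr, env):
    """Return the set of Taint facts carried by `expr` given the variable state `env`."""
    kind = expr[0]
    if kind == "source":
        return {Taint(expr[1], frozenset())}
    if kind == "const":
        return set()
    if kind == "var":
        return set(env.get(expr[1], set()))
    if kind == "concat":
        return eval_taint(expr[1], env) | eval_taint(expr[2], env)
    if kind == "sanitize":
        cleared = SANITIZES.get(expr[1], set())
        return {Taint(t.source, t.cleared | cleared) for t in eval_taint(expr[2], env)}
    raise ValueError(f"unknown expression kind {kind!r}")


def analyse(block, env=None, findings=None):
    """Walk the block; at an `if`, analyse both branches and union their states so no flow is lost."""
    env = {} if env is None else env
    findings = [] if findings is None else findings
    for stmt in block:
        op = stmt[0]
        if op == "assign":
            env[stmt[1]] = eval_taint(stmt[2], env)
        elif op == "if":
            then_env = {k: set(v) for k, v in env.items()}
            else_env = {k: set(v) for k, v in env.items()}
            analyse(stmt[2], then_env, findings)
            analyse(stmt[3], else_env, findings)
            for name in set(then_env) | set(else_env):
                env[name] = then_env.get(name, set()) | else_env.get(name, set())
        elif op == "sink":
            sink_kind = stmt[1]
            for t in eval_taint(stmt[2], env):
                if sink_kind not in t.cleared and (sink_kind, t.source) not in findings:
                    findings.append((sink_kind, t.source))   # untrusted data reaches a sink unsanitised
        else:
            raise ValueError(f"unknown statement {op!r}")
    return findings


# Constructed sample, equivalent to:
#   $id = $_GET['id'];
#   if ($_GET['mode'] === 'html') { $id = htmlspecialchars($id); }
#   $q = "SELECT * FROM users WHERE id = " . $id;  mysqli_query($conn, $q);
#   echo "<p>" . $id . "</p>";
VULNERABLE_PROGRAM = [
    ("assign", "$id", ("source", "$_GET['id']")),
    ("if", ("source", "$_GET['mode']"),
        [("assign", "$id", ("sanitize", "htmlspecialchars", ("var", "$id")))],
        []),
    ("assign", "$q", ("concat", ("const", "SELECT * FROM users WHERE id = "), ("var", "$id"))),
    ("sink", "sql", ("var", "$q")),
    ("sink", "xss", ("concat", ("const", "<p>"), ("var", "$id"))),
]

# Same program with an unconditional, sink-appropriate sanitizer: $id = intval($_GET['id']);
FIXED_PROGRAM = [
    ("assign", "$id", ("sanitize", "intval", ("source", "$_GET['id']"))),
    ("assign", "$q", ("concat", ("const", "SELECT * FROM users WHERE id = "), ("var", "$id"))),
    ("sink", "sql", ("var", "$q")),
    ("sink", "xss", ("concat", ("const", "<p>"), ("var", "$id"))),
]

if __name__ == "__main__":
    for name, prog in (("vulnerable", VULNERABLE_PROGRAM), ("fixed", FIXED_PROGRAM)):
        print(name, analyse(prog))
```

Two things the run makes visible: the SQL finding survives even though `htmlspecialchars()` is applied, because that sanitizer clears only the `xss` sink kind; and the XSS finding survives because the analysis unions both branches of the `if`, so the path where `$id` stays unsanitised is still reported. Deciding that the guarded branch is the only one that reaches the `echo` would require reasoning about the branch condition, which is exactly the precision that symbolic analysis adds on top of plain taint propagation.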