Building your code safe applying DevSecOps Culture with OpenSource tools

Practical demonstration of how a developer can use a SAST tool for static analysis of code vulnerabilities, running it against source code, byte code and/or binaries and identifying security holes during the development process, across many languages and codebases.
Attendees will get to know an open source tool that orchestrates other security tools, identifies security flaws or vulnerabilities in projects, and stores all results in a database for analysis and metrics generation, selecting the languages and/or tools to be used on the project based on the available stack.

I intend to cover during this talk:
- Presentation – 2 min
- Differences between SDLC and SSDLC – 3 min
- Differences between SAST, DAST, IAST, SCA, RASP, Container Scanning – 5 min
- How you can improve your pipeline in a secure way – 5 min
- What is Horusec (OpenSource) – 3 min
- Installing Horusec – 3 min
- Run scanning in vulnerable code – 5 min
- Using Horusec in IDE – 5 min
- Using Horusec in your pipeline based on GitHub Actions – 7 min
- Questions

Articles published:
https://pentestmag.com/product/pentest-secure-development-lifecycle-and-pentesting/

Similar Presentations:
- https://www.youtube.com/watch?v=c74D17JsWTc
- https://www.youtube.com/watch?v=L_CYYeSTXbg

Filipi Pires

Threat Researcher and Cybersecurity Advocate

Espinho, Portugal
