This course teaches static code analysis to find security vulnerabilities before deployment. You'll use ESLint, Semgrep, and other CLI tools to analyze the pastebin source code and create custom detection rules.
Overview
Syllabus
- Unit 1: Introduction to SAST
- Meet Your SAST Toolkit
- Unit 2: ESLint Security Scanning
- Running Your First ESLint Scan
- Fixing Object Injection in Cache
- Preventing ReDoS in Search Endpoint
- Adding Input Validation Guards
- Adjusting Security Scanner Strictness
- Unit 3: Writing Custom Semgrep Rules
- Run Your First Security Scan
- Fine Tuning Your Security Rules
- Detecting More Vulnerability Variations
- Enriching Rules with Metadata
- Teaching Rules What to Ignore
- Unit 4: Secret Detection with Gitleaks
- Running Your First Secret Scan
- Uncovering Secrets in Git History
- Generating Machine Readable Reports
- The Last Line of Defense
- Creating Environment Variable Templates
- Unit 5: Automating Security Scanning
- Your First Blocked Commit
- Installing Your First Pre-Commit Hoo
- From Blocked to Successful Commit
- Finding the Right Balance
- Building the Final Defense Layer