15 Audit tools

This chapter covers

  • Finding security vulnerabilities in a web application
  • Using OWASP ZAP to automatically scan for vulnerabilities
  • Using Security Code Scan and other static code analyzers
  • Learning how GitHub Advanced Security helps find security issues

In September 2019, GitHub acquired Semmle, a company providing a code analysis platform for securing software. About a year later, GitHub had integrated and improved the code analysis service and published the results of a 5-month beta phase: 12,000 repositories were scanned, and over 20,000 security issues were identified (see http://mng.bz/woA2).

Not all security issues are visible when just looking at the code, especially for websites. As we have discussed previously in this ...

Get ASP.NET Core Security now with the O’Reilly learning platform.