Meetup Info

We have 2223 members!

See us on meetup.com/seajug

Agenda

18:00 Networking, food, and drinks
18:30 Presentation
20:00 Beers!

Detect complex code patterns using semantic grep

2021-09-21 18:00 @ Online event – ,
52 attending

In this talk, we'll discuss Semgrep, a fast and open-source static-analysis tool originally developed at Facebook. Semgrep makes it very simple to write custom rules and to integrate to any CI environment. It supports 17 languages including Java, has a thriving user community, and is adopted by thousands of developers and reference customers including Dropbox, Snowflake, Figma, and Chegg.

In addition to introducing semantic grep, one of the Semgrep maintainers will co-write a Semgrep Java pattern for detecting potential critical vulnerabilities like reverse-shell execution or SQL injection with Kurt Boberg, a Lead Application Security Engineer from Chegg.

Source code: https://github.com/returntocorp/semgrep
https://semgrep.dev/

Speaker bios:

Daghan Altas is the head of operations for r2c, a small startup working on giving security tools directly to developers Previously he was a Senior Director of Product Management at Cisco Meraki, responsible for the Security, SD-WAN, Service Provider, MDM and Data Analytics product portfolios. Daghan received his BS in Electronics from Université Paul Sabatier in France and received his MEng. in Microelectronics from McGill University in Montreal Canada. He also holds a Master of Information and Data Science degree from UC Berkeley.

Kurt Boberg has been an application security engineer for about 4 years. Before that he was what would now be considered DevOps building datacenter automation tooling. He uses Semgrep & domain knowledge to abstract security bugs into behavioral signatures to help our engineers squash classes of bug rather than individual instances of vulnerable antipatterns.

About

The Seattle Java User’s group has been meeting since the mid-90s in the Seattle and Eastside area. It is geared towards topics related to the Java Virtual Machine and languages which run on it such as Java, etc. You can find us on meetup.com/seajug.

SeaJUG is an all volunteer effort – which means items such as the website and mailing list are updated as schedules afford. We meet on the 3rd Tuesday of every month. We need suggestions/volunteers for topics! If you’d like to donate your time/skills to the cause, please contact Nimret Sandhu.

Chair: Nimret Sandhu
Leadership Team: Samantha Berk, Freddy Guime, Ben Garnaat, Jonatan Ivanov
Founder: Jayson Raymond