Sorry for the late reply, but thanks for your helpful comment.
@brentjenkins62354 жыл бұрын
Awesome video with great explanations. Look forward to the upcoming series!
@FortifyUnplugged4 жыл бұрын
Thanks! We're trying to add some AppSec intro material to go along with our more technical content.
@SamiEltamawy3 жыл бұрын
Great video guys! Very informative and comprehensive explanation and comparison.
@FortifyUnplugged3 жыл бұрын
We appreciate the feedback and glad you found it informative!
@roboedar2 жыл бұрын
Very great explanation. Thank you.
@FortifyUnplugged2 жыл бұрын
Glad it was helpful!
@rabella1834 жыл бұрын
Excellent video. Will you be having Hans Enders to provide an overview of WebInspect?
@FortifyUnplugged4 жыл бұрын
He doesn't know it yet, but that's a great idea.
@amjad.62443 жыл бұрын
Thank You Sir for this video. Can you show me difference between Compiler and Static Code Analysis?
@FortifyUnplugged3 жыл бұрын
Compilers and Static Code Analyzers have a lot in common. In fact, Fortify SCA internally leverages open source compilers in the first stage of the analysis for several languages (e.g. Java, Kotlin). The key difference is what happens after the initial parsing and resolution stages. Compilers would then proceed to output binary or byte-code, where Static Code Analyzers will run multiple analysis algorithms on the data to find security vulnerabilities. Compilers may be doing some quality checking as part of their process (e.g. warning for unused variables or similar bad-practices), but they don't do the type of security analysis that static analysis tools do.