Nicolas is a software engineer born and raised in Grenoble with more than 15 years of experience. After a few years in a services company and briefly enjoying the banking world, he joined SonarSource in 2013 and worked for a few years on the Java analyzer (chances are high that, if you have used SonarQube on Java, you have used part of his code) before starting, two years ago, to look at how static analysis can be applied to security. More recently, Nicolas has been responsible for helping SonarSource's development team organize itself to continue delivering a high-quality product. When not behind a keyboard, he can usually be found on a bike or hiking through the Jura.

@benzonico

Malte has worked on web security and static analysis techniques for the better part of a decade. Before joining SonarSource with its acquisition of RIPS Technologies in 2020, he was a driving force behind the development of the Java security analysis engine at the latter company. Before that, he worked as a security researcher at CISPA, Saarland University, Germany, where he received his PhD in Computer Science with a focus on automated vulnerability detection in web applications in 2017. He is an enthusiastic software developer and now works as a static analysis engineer at SonarSource, currently focusing on combining the best ideas and concepts of both the SonarSource and RIPS worlds to further improve SonarSource's security offering.

@MalteSkoruppa

08.12.2020

Beer Fondue, or how you can find vulnerabilities thanks to SonarQube!

LOCATION: Online
KEYWORDS: Open Source, Language, Product, Technology

AGENDA: 18:00-19:30h: Talk incl. Q/A

SPEAKER 1: Nicolas Peru   COMPANY: SonarSource
SPEAKER 2: Malte Skoruppa   COMPANY: SonarSource

SLIDES: 201208_SwissJUG_2020_Beer_Fondue.pdf
RECORDING: jug.ch YouTube-Channel

SonarQube is well known among Java developers as a tool for assessing code quality.

SonarSource, a Geneva-based company (the fondue!) that develops and maintains SonarQube, started two years ago to develop an analyser to detect vulnerabilities. In April 2020, SonarSource acquired RIPS, a German company based in Bochum (the beer!) specialized in security analysis, notably in PHP (but also Java, JS...).

This talk will show you the techniques that both vendors were using and how, by combining them and getting the best of both worlds, SonarQube now offers you an accurate analysis to find vulnerabilities in your Java code.

Due to the current situation with Covid-19, we are not currently holding any events on site. This event will be broadcast live on the Internet. You do not need to install any software or plugins, everything runs in your web browser. Registered participants will receive a link to the webinar by e-mail shortly before the event.


LANGUAGE: Talk: en / Slides: en

