Achieving Scalable Code Security Scanning through AI Acceleration

An end-to-end masterclass on securing your codebases

Course Content

The course can be tailored to specific audiences or use cases. It has a set of standard topics which are covered and other topics which may be included.

Summary of standard topics covered

Topics to be covered include:

  • Overview – Setting out the basic details of what we will be talking about in terms of code scanning and SAST.
  • Key techniques – The different techniques that can be used for this, including generic “off the shelf” SAST, deterministic custom scanning rules, and LLM-powered custom AI prompts.
  • Technique comparison – Advantages and disadvantages of each technique based on our in-depth experience with each, and which technique you will want to use in different situations, so you avoid wasting time applying a technique to an inappropriate use case.
  • Organizational process – How to build these processes into an organization’s existing software lifecycle.
  • Generic SAST – Using “off the shelf” rules effectively to catch “low hanging fruit” and avoid reinventing the wheel.
  • Custom SAST – Introduce custom rule languages (e.g., Semgrep, CodeQL), writing rules from scratch, and scaling analysis across a codebase.
  • Basic AI Code Security Scanning – Overview of AI-based scanning, platforms, principles, and initial single-shot prompts.
  • Complex AI Code Security Scanning – AI-driven techniques for code security, including using AI to review and triage findings, and creating multi-stage rules that combine deterministic rules with AI prompts to get the best of both worlds.
  • Integrating into CI – How to integrate customized static and AI tests into CI pipelines with automation.
  • Summary – Recap of key concepts, techniques, and takeaways from the course.

Black Hat Exclusive Content

The Black Hat version of this course, “Achieving Scalable Code Security Scanning through AI Acceleration”, includes additional exclusive content:

  • A deeper dive into custom static rules and combining static and AI rules
  • Using RAG/context based techniques for better AI-based scanning
  • A market overview comparing what is available to what we are discussing in the course
  • More detail on integrating into CI/CD processes

Key Takeaways

  • The hands-on ability to use a variety of scanning techniques to solve common code security challenges.
  • The practical knowledge of how to build these into a scalable process across many codebases.
  • The approach to getting code security scanning rolled out at the organizational level.
