Hello, I am also starting with infosec, most specifically secure development. About automated security tests (static code analysis, for example), the biggest problem I found was the high number of false-positive results generated by commercial tools. Any advice on how to deal with this?
Ah I don't think I can answer this one. I haven't ever done code analysis, and I probably never will. Sorry!