Automating Security Fixes with OpenRewrite

Security problems empirically fall into two categories: bugs and flaws. Roughly half of the problems we encounter in the wild are implementation bugs and about half are design flaws. A significant number of the bugs can be found with automated tools, which frees you up to focus on the more pernicious design issues.

Beyond detecting the presence of common bugs, as static analysis has done for years, we can also automate the application of the corrective refactoring. In this talk, I will discuss using OpenRewrite and the Moderne CLI to fix common security issues and keep them from coming back.


In this talk we will focus on:

  • Introducing the OpenRewrite OSS framework and demonstrating how it can automate common code remediation tasks.
  • Using OpenRewrite and the Moderne CLI to automatically identify and fix known security vulnerabilities, including:
      • Common Java flaws
      • OWASP Top Ten
      • Common Spring issues
      • Credentials checked into source control
  • Integrating security scans with OpenRewrite for continuous improvement.
  • Writing custom recipes to define your own security policies.
  • Freeing up your time to address larger concerns by automating the pedestrian but time-consuming security bugs.
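To make the last two items concrete, here is an added example of what a small custom OpenRewrite security recipe looks like. It is not code from the talk, from OpenRewrite or from Moderne: the package `com.example.security`, the class name `UseSecureRandom` and the policy it enforces (replace `new java.util.Random(...)` with `new java.security.SecureRandom()`) are assumptions chosen for illustration, and it assumes the OpenRewrite 8 `Recipe` / `JavaIsoVisitor` / `JavaTemplate` API.

```java
package com.example.security; // hypothetical package for this added example

import org.openrewrite.ExecutionContext;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.JavaTemplate;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.TypeUtils;

/**
 * Policy recipe (illustrative, not an OpenRewrite-provided recipe):
 * java.util.Random is not a cryptographically strong generator, so any
 * `new Random()` or `new Random(seed)` used for tokens, salts or IDs is
 * replaced with `new java.security.SecureRandom()`.
 *
 *   before:  Random rng = new Random(42L);
 *   after:   Random rng = new SecureRandom();
 *
 * The declared type may stay `Random`; SecureRandom extends it, so the
 * rewritten code still compiles. A fixed seed is deliberately dropped,
 * since a predictable seed is the very bug this policy targets.
 */
public class UseSecureRandom extends Recipe {

    @Override
    public String getDisplayName() {
        return "Use SecureRandom instead of Random";
    }

    @Override
    public String getDescription() {
        return "Replaces constructor calls to `java.util.Random` with "
             + "`java.security.SecureRandom`, which is suitable for security-sensitive values.";
    }

    @Override
    public TreeVisitor<?, ExecutionContext> getVisitor() {
        return new JavaIsoVisitor<ExecutionContext>() {
            // Template for the replacement expression; fully qualified so the
            // import is resolved by maybeAddImport below.
            private final JavaTemplate secureRandom =
                    JavaTemplate.builder("new java.security.SecureRandom()").build();

            @Override
            public J.NewClass visitNewClass(J.NewClass newClass, ExecutionContext ctx) {
                J.NewClass n = super.visitNewClass(newClass, ctx);
                // Type attribution decides the match, not the spelled-out name, so
                // a user class that happens to be called `Random` is left alone
                // and `new SecureRandom()` (a subclass) is not rewritten twice.
                if (!TypeUtils.isOfClassType(n.getType(), "java.util.Random")) {
                    return n;
                }
                maybeRemoveImport("java.util.Random");   // only removed if no longer referenced
                maybeAddImport("java.security.SecureRandom");
                return secureRandom.apply(getCursor(), n.getCoordinates().replace());
            }
        };
    }
}
```

Because the match is made on the attributed type rather than on text, the recipe is safe to run across a whole repository, and because it ships as a class on the recipe classpath it can be scheduled in the same run as the framework's own security recipes. In practice you would also scope a policy like this to main source sets, since a seeded `Random` in test code is usually intentional.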

About Brian Sletten

Brian Sletten is a liberal arts-educated software engineer with a focus on forward-leaning technologies. His experience has spanned many industries including retail, banking, online games, defense, finance, hospitality and health care. He has a B.S. in Computer Science from the College of William and Mary and lives in Auburn, CA. He focuses on web architecture, resource-oriented computing, social networking, the Semantic Web, AI/ML, data science, 3D graphics, visualization, scalable systems, security consulting and other technologies of the late 20th and early 21st centuries. He is also a rabid reader, devoted foodie and has excellent taste in music. If pressed, he might tell you about his International Pop Recording career.