Participants of this tutorial will gain a solid foundation in software analysis, with a strong emphasis on security. We will explore the significance of security research in software development and consider various resources and tools to discover vulnerabilities - including static and dynamic analysis, signature matching, automated scanning and fuzzing.

To illustrate these concepts, we’ll perform static analysis with CodeQL, Bandit and Nuclei on a vulnerable Python library as a case study. Additionally, we’ll understand different approaches and techniques to security-oriented analysis. Participants will gain essential knowledge to identify vulnerabilities, find potential targets for analysis, and apply research methodology.

This tutorial will cover
* Introduction to security research
* Automated software analysis - SAST vs DAST
* Research methodologies and resources
* Basics of static code analysis
* Practical examples using vulnerable software to test acquired skills

Key takeaways
* Basic concepts related to vulnerability research
* Software analysis fundamentals
* Security analysis tools