Simple play icon Course

Application Analysis with SonarQube

by George Smith

This is the next step of your journey as a security professional. In this course, you'll learn how to hunt for vulnerabilities and hotspots based on MITRE's ATT&CK framework using SonarQube.

What you'll learn

SonarQube can detect bugs, code smells, vulnerabilities, and hot spots in over 25 programming languages. In this course, Application Analysis with SonarQube, you'll cover how to leverage SonarQube to discover vulnerabilities and hotspots in source code. First, you'll learn how to install and configure SonarQube. Next, you'll run a static analysis against a sample software project. You'll be looking for potential security weaknesses in the software. Then, you’ll operate the tool and run a static security scan of target code base. Finally, you’ll analyze the problems flagged by SonarQube and examine the suggested remediation steps. When you’re finished with this course, you’ll have the skills and knowledge to detect and eliminate vulnerabilities and hotspots in publicly facing applications with these techniques: code-base static security scanning and analysis using SonarQube.

Table of contents

About the author

George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo... more

Ready to upskill? Get started