Today, we introduce Ocular, ShiftLeft's code exploration product. Ocular provides you with powerful code querying capabilities for Java, C#, and C/C++. Similar to the way Google Maps provides an overview of the geography and routes to nearby destinations, Ocular helps navigate your code, understand how data flows from component to component, and ultimately, uncover flaws and security vulnerabilities.
In this webinar, we give an introduction to Ocular's capabilities, showing how it can be used to understand the structure of your code, the way it interfaces with other components, and finally, scan for application-specific vulnerability patterns. These patterns can take into account the context the application runs in, the business logic, and the pitfalls of custom libraries and frameworks. This provides code auditors and reviewers with the ability to tune powerful static analysis primitives to the needs of their code bases, which stands in stark contrast to the ineffective one-size-fits-all offerings that classic static analyzers provide. We will introduce you to the concept of query-based code analysis, show you how to download and install the Ocular trial version, demo its main capabilities, and finally show you how we uncovered previously unknown vulnerabilities in open source components with Ocular.