OWASP AppSec DC 2012/Dynamic DASTWAF Integration

Revision as of 14:55, 2 March 2012 by Mark.bristow (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Owasp logo normal.jpg
The concept of dynamic application scanning testing (DAST) exporting data that is then imported into a web application firewall (WAF) for targeted remediation is not new. While this concept is certainly attractive to show risk reduction and reducing the time-to-fix metric, it is important to realize that you are not constrained to a "one way" data flow. WAFs have access to a tremendous amount of information that it can share with DAST to aid in application coverage and initiating on-demand assessments of new or change resources. This presentation will highlight how DASTs and WAFs can achieve a synergistic effect by dynamically sharing data. During the presentation, a working integration between the Arachni web application security scanner framework and the ModSecurity web application firewall will be presented.

The Speakers

Ryan Barnett

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg