The Strengths of Combining Code Review with Application Penetration Testing
Revision as of 10:48, 17 September 2010 by Mark.bristow
- The strengths of manual pen testing in findings vulns (against Top 10)
- How each technique can leverage the other.
- How proving vulns can be important, but not really in a mature org
- The massive benefit of finding where the vulns are in the CODE, not just finding the flaws in the application
- How tracking down a penetration testing finding to where the flaw is in the actual code can be EXTREMELY hard
- Potentially some discussion on the role of automated analysis tools (both code and external scanning) and their strengths
- An how automated analysis tools can support a more efficient application security assessment process, when combined with manual analysis
Dave Wichers Speaker bio will be posted shortly.