
BeNeLux09 - Hybrid Analysis 2.0 - A demonstration of precision results correlation for improved software security testing


The presentation

The correlation of results from "white box" static source code analysis and "black box" dynamic penetration testing tools has been considered by some to be the "holy grail" in software security testing. Unfortunately, to date, solutions in this area have failed to provide meaningful benefit.

Recent work at Fortify allows us to address this failure, moving past simple correlation and ultimately providing what is truly beneficial - insight into the black box results.

The speaker

Roger Thornton founded Fortify Software in October 2002, recognized by Business 2.0 magazine as the "Smartest Start-Up for 2005".

Prior to founding Fortify, Roger consulted to the world's foremost venture capital firms. As a "hired gun," he specialized in high-impact delivery of technology products and services in the launch of new businesses and the successful turnaround of others. During this period he led key development efforts at E*TRADE, guided a major architecture redesign effort at eBay, and served as an interim executive and advisor to a number of other successful startup companies.

Roger earned his BS and MS degrees in Engineering with honors at San Jose State University.