File:Maturing Assessment through SA.ppt

Organizations have struggled to understand the place of dynamic security testing techniques, and their use of penetration testing tools has suffered setbacks as a result. Likewise, as these same organizations turn to static analysis tools, they find themselves struggling to decide who should run the tool and what kinds of vulnerabilities the tool will find for them. Finally, organizations lament the lack of depth or scale associated with their manual security analyses. This presentation will show how recent approaches to holistic application assessment at Cigital have overcome the limitations of existing tools by combining industry-best scanning tools with open-source technologies for continuous integration. This combination, in turn, allows the security benefit of scanning tools to be seen closer to the point when vulnerabilities are introduced (and can be fixed), and allows the tools to be applied more frequently.