The Strengths of Combining Code Review with Application Penetration Testing
From OWASP
Revision as of 15:48, 17 September 2010 by Mark.bristow
The presentation
- The strengths of manual code review in finding vulns (using the Top 10 as the categories)
- The strengths of manual pen testing in finding vulns (against the Top 10)
- How each technique can leverage the other.
- How proving vulns can be important, but not really in a mature org
- The massive benefit of finding where the vulns are in the CODE, not just finding the flaws in the application
- How tracking down a penetration testing finding to where the flaw is in the actual code can be EXTREMELY hard
- Potentially some discussion on the role of automated analysis tools (both code and external scanning) and their strengths
- And how automated analysis tools can support a more efficient application security assessment process when combined with manual analysis
The speaker
Dave Wichers
Speaker bio will be posted shortly.