Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
View analytic
Thursday, June 26 • 10:25 - 11:15
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Together

Sign up or log in to save this to your schedule and see who's attending!

Developers want to write code and security testers want to break it and both groups have specialized tools supporting these goals. The problem is – security testers need to know more about application code to do better testing and developers need to be able to quickly address problems found by security testers. This presentation looks at both groups and their respective toolsets and explores ways they can help each other out. 

Two different interactions are examined: 
• How can knowledge of code make application scanning better? 
• How can application scan results be mapped back to specific lines of code? 

Using open source examples built on OWASP ZAP, ThreadFix and Eclipse, the presentation walks through the process of seeding web applications scans with knowledge gleaned from code analysis as well as the mapping of dynamic scan results to specific line of code. The end result is a combination of testing and remediation workflows that help both security testers and software developers be more effective. Particular attention is give to Java/JSP applications and Java/Spring applications and how teams using these frameworks can best benefit from these interactions.

Speakers
avatar for Dan Cornell

Dan Cornell

CTO, Denim Group
A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.


Thursday June 26, 2014 10:25 - 11:15
LAB003
  • Company 66

Attendees (12)