Thursday, September 18 • 1:00pm - 1:45pm
Static Analysis for Dynamic Assessments


Today’s dynamic and static web vulnerability scanners are capable of analyzing complex web applications for security weaknesses. They automate testing of many common vulnerabilities. However, there is a gap between static and dynamic scanners: they find different vulnerabilities. So why aren’t dynamic testers running static tools? Typically, they don’t have source code.

In this session, Greg will explore ways dynamic testers can utilize static tools without source code. Greg will discuss a process for collecting and scanning client-side files. Furthermore, Greg will demonstrate a custom-developed tool that automates this process from Burp Suite.

The objective of running static analysis during a dynamic assessment is to reduce potential false negatives by increasing the breadth of the assessment.


Greg Patton

Senior Security Consultant, HP Fortify
Greg Patton is a Sr. Security Consultant with HP Fortify on Demand based in Houston, TX. With nearly ten years of security experience, Greg specializes in application security with a focus on dynamic web and iOS mobile assessments. Greg started his career in software development, and he discovered a natural talent and interest in breaki...

Thursday September 18, 2014 1:00pm - 1:45pm MDT
Colorado Ballroom F [Breakers] Denver Marriott City Center