Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, September 18 • 1:00pm - 1:45pm
Static Analysis for Dynamic Assessments

Sign up or log in to save this to your schedule and see who's attending!

Today’s dynamic and static web vulnerability scanners are capable of analyzing complex web applications for security weaknesses. They automate testing of many common vulnerabilities. However, there is a gap between Static and Dynamic scanners. They find different vulnerabilities. So why aren’t dynamic testers running static tools? Typically, they don’t have source code.

In this session, Greg will explore ways dynamic testers can utilize static tools without source code. Greg will discuss a process for collecting and scanning client-side files. Furthermore, Greg will demonstrate a custom developed tool that automates this process from the Burp Suite.

The objective of running static analysis during a dynamic assessment is to reduce potential false-negatives by increasing the breadth of the assessment.

Speakers
GP

Greg Patton

Senior Security Consultant, HP Fortify
Greg Patton is a Sr. Security Consultant with HP Fortify on Demand based in Houston, TX. With nearly ten years of security experience, Greg specializes in application security with a focus on dynamic web and iOS mobile assessments. Greg started his career in software development, and he discovered a natural talent and interest in breaking applications.



Thursday September 18, 2014 1:00pm - 1:45pm
Colorado Ballroom F [Breakers] Denver Marriott City Center