Name: Static Analysis for Dynamic Assessments
Start: 2014-09-18T13:00:00-0600
End: 2014-09-18T13:45:00-0600

Back To Schedule

Static Analysis for Dynamic Assessments

Today’s dynamic and static web vulnerability scanners are capable of analyzing complex web applications for security weaknesses. They automate testing of many common vulnerabilities. However, there is a gap between Static and Dynamic scanners. They find different vulnerabilities. So why aren’t dynamic testers running static tools? Typically, they don’t have source code.

In this session, Greg will explore ways dynamic testers can utilize static tools without source code. Greg will discuss a process for collecting and scanning client-side files. Furthermore, Greg will demonstrate a custom developed tool that automates this process from the Burp Suite.

The objective of running static analysis during a dynamic assessment is to reduce potential false-negatives by increasing the breadth of the assessment.

Speakers

Greg Patton

Senior Security Consultant, HP Fortify

Greg Patton is a Sr. Security Consultant with HP Fortify on Demand based in Houston, TX. With nearly ten years of security experience, Greg specializes in application security with a focus on dynamic web and iOS mobile assessments. Greg started his career in software development, and he discovered a natural talent and interest in breaki... Read More →

AppSec USA Greg Patton pptx

Thursday September 18, 2014 1:00pm - 1:45pm MDT
Colorado Ballroom F [Breakers] Denver Marriott City Center

Session, Breakers

OWASP AppSec USA 2014

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Greg Patton