[Owasp-austin] Confirmed: Automated vs. Manual Security: You can't filter The Stupid - OWASP Meeting (Apr 27 11:30 AM CDT in National Instruments - Building C - Conference Room 1S13)

Josh Sokol josh.sokol at ni.com
Mon Apr 26 16:26:55 EDT 2010


When: April 27, 2010, 11:30am - 1:00pm


Topic: Automated vs. Manual Security: You can't filter The Stupid


Everyone wants to stretch their security budget, and automated application
security tools are an appealing choice for doing so. However, manual
security testing isn’t going anywhere until the HAL application scanner
comes online. This presentation will use often humorous, real-world
examples to illustrate the relative strengths and weaknesses of automated
solutions and manual techniques.



Automated tools have some strengths, namely low incremental cost, detecting
simple vulnerabilities, and performing highly repetitive tasks. However,
automated solutions are far from perfect. There are entire classes of
vulnerabilities that are theoretically impossible for automated software to
detect. Examples include complex information leakage, race conditions,
logic flaws, design flaws, and multistage process attacks. Beyond that,
there are many vulnerabilities that are too complicated or obscure to
practically detect with an automated tool.


Who: Charles Henderson (Trustwave)


Charles Henderson has been in the security industry for over 15 years and
manages the Application Security Practice at Trustwave. He has specialized
in application security testing and application security assessment
throughout his career but has also worked in physical security testing and
network security testing.


Where: National Instruments, 11500 N Mopac, Building C which is the tallest
building on campus (8 levels). There will be signs posted in the lobby to
direct you where to go and the receptionists will be able to assist you as
well. See directions to National Instruments.


Cost: Always Free


Questions or help with Directions... call: Josh Sokol (512) 619-6716.


RSVP on the Austin OWASP Ning Site
See you tomorrow!