[Owasp-leaders] Application Pentesting vs static analysis and threat modeling ?

dinis cruz dinis.cruz at owasp.org
Thu Nov 17 20:03:16 EST 2011


You really need to do all of them, and then integrate their results.

My approach with O2 is to get the best of all worlds, for example here is
an integration of BlackBox and WhiteBox:
http://o2platform.wordpress.com/2011/11/08/showing-appscan-source-findings-inside-appscan-standard

I still haven't got around to integrating with existing
Threat Modeling tools, but it will be VERY powerful when one can both feed
and consume information created from PenTests and Code Reviews into
Threat Modeling tools.

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2


On 17 November 2011 21:09, Sebastien Gioria <sebastien.gioria at owasp.org> wrote:

> Hi all,
>
> I need to do a talk on the subject written previously.
>
> I've got some ideas of things to say, but I'm searching so as not to miss
> something important.
>
> Does anyone have a slide deck to share?
>
> Thanks
>
>
>
>
> ---
> Sebastien GIORIA - sebastien.gioria at owasp.org
> French OWASP Co-Leader
> OWASP Global Education Committee Member
> GSM: +33 (0)6 23 04 00 51