[Owasp-leaders] Application Pentesting vs static analysis and threat modeling ?

James Walden james.walden at gmail.com
Fri Nov 18 01:24:57 EST 2011


There's a recent research paper with empirical data comparing pen testing,
security testing, dynamic analysis, and static analysis using two web
applications in the health field.

A. Austin and L. Williams, "*One Technique is Not Enough: A Comparison of
Vulnerability Discovery Techniques*," in Empirical Software Engineering and
Measurement (ESEM 2011), Banff, Alberta, Canada.

You can download it from http://andrew-austin.com/papers/esem2011.pdf.

On Fri, Nov 18, 2011 at 2:03 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> You really need to do all of them, and then integrate their results.
>
> My approach with O2 is to get the best of all worlds, for example here is
> an integration of BlackBox and WhiteBox:
> http://o2platform.wordpress.com/2011/11/08/showing-appscan-source-findings-inside-appscan-standard
>
> I still haven't got around to integrating with existing
> Threat Modeling tools, but it will be VERY powerful when one can both feed
> and consume information created from PenTests and Code Reviews into
> Threat Modeling tools.
>
> Dinis Cruz
>
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
>
>
> On 17 November 2011 21:09, Sebastien Gioria <sebastien.gioria at owasp.org> wrote:
>
>> Hi all,
>>
>> I need to do a talk on the subject written previously.
>>
>> I've got some ideas of things to say, but I'm searching so as not to miss
>> something important.
>>
>> Does anyone have a slide deck to share?
>>
>> Thanks
>>
>>
>> ---
>> Sebastien GIORIA - sebastien.gioria at owasp.org
>> French OWASP Co-Leader
>> OWASP Global Education Committee Member
>> GSM: +33 (0)6 23 04 00 51
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders