[Owasp-leaders] Application Pentesting vs static analysis and threat modeling ?
james.walden at gmail.com
Fri Nov 18 01:24:57 EST 2011
There's a recent research paper with empirical data comparing pen testing,
security testing, dynamic analysis, and static analysis using two web
applications in the health field.
A. Austin and L. Williams, "*One Technique is Not Enough: A Comparison of
Vulnerability Discovery Techniques*," in Empirical Software Engineering and
Measurement (ESEM 2011), Banff, Alberta, Canada.
You can download it from http://andrew-austin.com/papers/esem2011.pdf.
On Fri, Nov 18, 2011 at 2:03 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
> You really need to do all of them, and then integrate their results.
> My approach with O2 is to get the best of all worlds, for example here is
> an integration of BlackBox and WhiteBox:
> I still haven't got around to integrating with existing
> Threat Modeling tools, but it will be VERY powerful when one can both feed
> and consume information created from PenTests and Code Reviews into
> Threat Modeling tools.
> Dinis Cruz
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
> On 17 November 2011 21:09, Sebastien Gioria <sebastien.gioria at owasp.org> wrote:
>> Hi all,
>> I need to do a talk on the subject written previously.
>> I've got some ideas of things to say, but I'm searching so as not to miss something.
>> Does anyone have a slide deck to share?
>> Sebastien GIORIA - sebastien.gioria at owasp.org
>> French OWASP Co-Leader
>> OWASP Global Education Committee Member
>> GSM: +33 (0)6 23 04 00 51