[WEB SECURITY] Static Code Analysis... Problem/Solution
Rafal @ IsHackingYou
rafal at ishackingyou.com
Sun May 18 23:49:30 EDT 2008
Hey readers -
I've been researching the topic of Web App Sec "Whitebox" testing and have seen some significant failures and problems with the general concept in modern implementations. That being said, I've written a 2-part series of articles that I thought I would ask for the community's response on. Given that the first "problems" article has gotten some decent response, I posted the follow-up tonight... if you have a minute and would like to provide me some feedback, please give this a read.
Quick disclaimer, I work for HP ASC so the view in the "solution" is obviously working off of the technology advancements we're implementing (that being said, it's *not* a product plug, I promise). Obviously the opinion here is mine, and no one else's... except where quoted.
Again, I appreciate everyone's constructive feedback and welcome any discourse on the topic. I honestly don't think we're giving this topic enough attention and hopefully this shines a spotlight.
Static Code Analysis Failures
Hybrid Analysis - The Answer to Static Code Analysis Shortcomings
Rafal (Ralph) M. Los
IT Security - Response | Mitigation | Strategy
E-mail: rafal at ishackingyou dot com
- gPGP: 0xFFC63B33
- Blog: http://preachsecurity.blogspot.com
- Blog: http://portal.spidynamics.com/blogs/rafal/