The Strengths Of Combining Code Review With Application Penetration Testing


Presented at OWASP Appsec 2010 by

* The strengths of manual code review in finding vulns (using the Top 10 as the categories)
* The strengths of manual pen testing in finding vulns (against the Top 10)
* How each technique can leverage the other
* How proving vulns can be important, but not really in a mature org
* The massive benefit of finding where the vulns are in the CODE, not just finding the flaws in the application
* How tracking down a penetration testing finding to where the flaw is in the actual code can be EXTREMELY hard