Scalable Application Assessments In The Enterprise presented at OWASP Appsec 2009

by Tom Parker (Securicon LLC),

Tags: Security Business Development

URL : http://www.owasp.org/index.php/Scalable_Application_Assessments_in_the_Enterprise

Summary : That's right & we said scalable. Applications which live in the enterprise, COTS or otherwise; are often some of the most complex and time consuming to assess, when it comes to evaluating them for commonly exploited vulnerabilities, such as those listed by the OWASP Top 10. During this talk, the presenters will explore the ways in which in-depth, transaction based application assessments can be made to scale within the enterprise, through the use of automated assessment tools (such as Cenzic Hailstorm), and a rigorous assessment methodology. While excessive levels of assessment automation has in the past taken fire for the levels of false positives, and false negatives it can generate & manual testing has also developed a bad reputation in many circles due to its high costs and execution time generally associated with performing thorough application assessments with a wholly manual approach. The speakers will demonstrate a methodology, through which a middle ground may be attained, achieving an assessment which accurately addresses top of mind vulnerabilities, provides all of the benefits of a manual assessment, falls in budget and yes & scales!