The Strengths Of Combining Code Review With Application Penetration Testing presented at OWASP Appsec 2010

by Dave Wichers (Aspect Security)

Tags: Security Web Application Security Compliance

URL : http://www.owasp.org/index.php/The_Strengths_of_Combining_Code_Review_with_Application_Penetration_Testing

Summary:

* The strengths of manual code review in finding vulns (using the Top 10 as the categories)
* The strengths of manual pen testing in finding vulns (against the Top 10)
* How each technique can leverage the other.
* How proving vulns can be important, but not really in a mature org
* The massive benefit of finding where the vulns are in the CODE, not just finding the flaws in the application
* How tracking down a penetration testing finding to where the flaw is in the actual code can be EXTREMELY hard