The Strengths Of Combining Code Review With Application Penetration Testing, presented at OWASP AppSec 2010

by Dave Wichers (Aspect Security)

Tags: Security Web Application Security Compliance


Summary:

* The strengths of manual code review in finding vulnerabilities, using the OWASP Top 10 as the categories
* The strengths of manual penetration testing in finding vulnerabilities, measured against the same Top 10 categories
* How each technique can leverage the other
* How proving that a vulnerability is exploitable can be important, but matters much less in a mature organization
* The massive benefit of finding where the vulnerabilities are in the CODE, not just finding the flaws in the running application
* How tracking a penetration-testing finding back to the flaw in the actual code can be EXTREMELY hard