Explore how security testers and developers can collaborate more effectively using specialized tools in this 49-minute conference talk from AppSecEU 2014. Examine two key interactions: leveraging code knowledge to enhance application scanning and mapping scan results back to specific lines of code. Learn about open-source examples built on OWASP ZAP, ThreadFix, and Eclipse, focusing on Java/JSP and Java/Spring applications. Discover how combining testing and remediation workflows can improve both security testing and software development processes, ultimately leading to more secure web-based software systems.
Hybrid Analysis Mapping - Making Security and Development Tools Play Nice Together
Overview
Syllabus
Dan Cornell - Hybrid Analysis Mapping Making Security and Development Tools Play Nice Together
Taught by
OWASP Foundation
Related Courses
-
DevSecOps Fundamentals
-
Building Your Application Security Data Hub - The Imperative for Structured Vulnerability Information
-
Continuous Security Testing in DevOps Environments
-
Application Security Testing and SDLC for Developers
-
Threat Model-as-Code: Integrating Security into the Software Development Lifecycle
-
Hands-on Introduction to Snyk - Security Scanning for Dependencies, Code, and Containers
