Overview
Explore how security testers and developers can collaborate more effectively using specialized tools in this 49-minute conference talk from AppSecEU 2014. Examine two key interactions: leveraging code knowledge to enhance application scanning and mapping scan results back to specific lines of code. Learn about open-source examples built on OWASP ZAP, ThreadFix, and Eclipse, focusing on Java/JSP and Java/Spring applications. Discover how combining testing and remediation workflows can improve both security testing and software development processes, ultimately leading to more secure web-based software systems.
Syllabus
Dan Cornell - Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Together
Taught by
OWASP Foundation