Overview
Explore a conference talk from AppSecUSA 2014 that delves into bridging the gap between static and dynamic web vulnerability scanners. Learn how dynamic testers can leverage static analysis tools without access to source code, focusing on a process for collecting and scanning client-side files. Discover a custom-developed tool that automates this process from the Burp Suite, aimed at reducing false-negatives and expanding the scope of dynamic assessments. Gain insights from Greg Patton, a Senior Security Consultant at HP Fortify, as he shares his expertise in application security, particularly in dynamic web and iOS mobile assessments.
Syllabus
Static Analysis for Dynamic Assessments - OWASP AppSecUSA 2014
Taught by
OWASP Foundation