· speaking

Dynamically controllable dynamic scanning

This presentation was first presented at HP Protect 2014 on Wednesday 10 September 2014. This talk was a collaborative presentation with 4 speakers:

Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required to run the tools and interpret the results often limits the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits. This means that dynamic scans are often only performed once or twice throughout the development lifecycle, usually near the end. Security teams also wrestle with dynamic scanning. Demand is not always consistent, but hardware is expensive to purchase and maintain–only to sit idle. What if there were a way to automate dynamic scanning after each build in a continuous build environment while not leaving servers idle during periods of inactivity? In this session, we will explain how the new HP WebInspect API, introduced in release 10.2, can help your security teams integrate dynamic scanning with HP WebInspect earlier in the Security Development Lifecycle (SDL) and add flexibility and scalability into your company‚Äôs software security assurance program.

Dynamically Controllable Dynamic Scanning from Brooks Garrett

  • LinkedIn
  • Tumblr
  • Reddit
  • Google+
  • Pinterest
  • Pocket