Dynamically controllable dynamic scanning
This talk was first presented at HP Protect 2014 on Wednesday 10 September 2014. It was a collaborative presentation with 4 speakers:
- Brandon Spurth
- Jeremy Brooks
- Jonathan Griggs
- Brooks Garrett
Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required to run the tools and interpret the results often limit the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits. This means that dynamic scans are often performed only once or twice throughout the development lifecycle, usually near the end. Security teams also wrestle with dynamic scanning. Demand is not always consistent, but hardware is expensive to purchase and maintain, only to sit idle. What if there were a way to automate dynamic scanning after each build in a continuous build environment while not leaving servers idle during periods of inactivity? In this session, we will explain how the new HP WebInspect API, introduced in release 10.2, can help your security teams integrate dynamic scanning with HP WebInspect earlier in the Security Development Lifecycle (SDL) and add flexibility and scalability to your company’s software security assurance program.
About the author
Brooks Garrett is a dedicated technologist who specializes in information security. Brooks has spent over 10 years implementing security programs for both the public and private sectors, including some of the biggest names in the Fortune 500. When he's not managing risk in the corporate environment, you can find him at the local fire station, where he is a volunteer firefighter.