Source Boston 2010: Execution Flow-Based Web Application Testing 3/6

Clip 3/6 Speakers: Rafal Los & Matt Wood, HP Software Since the caveman first fashioned a spear humans have been using tools to make them more efficient and effective. Unfortunately, today’s analysts often misunderstand the role tools play in testing web applications. While tools can be quite good at mapping a web application’s attack surface there is still much human analysis that must be done to find the elusive defects that lie just below the surface. That human analysis is daunting and irregular … until now. The answer is an execution-flow-based approach to application security testing. By first understanding application logic and execution flow it is possible to completely map a web application’s attack surface, and therefore fully test the application. Along the way, we will cover the principles of data-flow analysis, application process mapping and building execution-flow diagrams (EFDs), which together form a complete picture of the web application and allow an analyst to uncover potentially critical defects. For more information and presentation slides click here:
Video Rating: 0 / 5