logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

Testability Patterns for Web Applications - a new OWASP project

Conference:  Global AppSec Dublin 2023
Authors: Dr. Luca Compagna
2023-02-16

tldr - powered by Generative AI

The presentation discusses the challenges of using commercial and open source tools for static analysis of code vulnerabilities and proposes a framework for improving the effectiveness of such tools.
  • Commercial and open source tools for static analysis of code vulnerabilities have limitations in detecting all vulnerabilities
  • The presented framework involves using patterns and discovery rules to improve the effectiveness of static analysis tools
  • Transformation experiments were conducted to improve the testability of patterns
  • The framework can be improved by adding custom rules and integrating other open source tools
  • The community is invited to contribute to the project and help improve the framework
Tags:
SAST
testability
patterns
web applications

5 Open Source Security Tools All Developers Should Know About

Conference:  CloudOpen 2022
Authors: Ran Regenstreif
2022-06-22

tldr - powered by Generative AI

The talk focuses on utilizing open source security tools to reduce threats and risks in cloud systems, environments, and products. The speaker emphasizes the importance of a programmatic approach to security and shifting left.
  • Shift left movement empowers developers with security tools and processes
  • Open source security tools are important in minimizing risks
  • A broader set of risks should be considered when selecting tools
  • Utilizing a toolkit and tool belt can help minimize risks
  • Programmatic approach to security is crucial
Tags:
MVS
SAST
SCA
IaC
DAST

Automated Finding Correlation where do SAST, DAST and IAST overlap

Conference:  OWASP 20th Anniversary Event
Authors: Ran Klein, Eitan Worcel
2021-09-24

tldr - powered by Generative AI

The presentation discusses the benefits of using correlation in cybersecurity and DevOps to reduce the amount of work needed to resolve issues and prioritize them.
  • Using correlation can reduce the amount of work needed to resolve issues and prioritize them
  • Correlation can consolidate multiple issues into a single one
  • Data-driven prioritization and remediation can be achieved through correlation
  • Actual numbers show a significant reduction in the amount of issues after consolidation
  • The industry now focuses on fixing issues rather than just detecting them
Tags:
Scanning technologies
DAST
SAST
IAST
correlation