Static and dynamic security testing: exploring better together
Speakers: Brian Miller, HP and Jeremy Brooks, HP
In the realm of automated application security testing there are two techniques that dominate: static code analysis and dynamic analysis. Most security organizations gravitate toward one type of technology or the other, but is this ideal? This presentation and accompanying research is focused on answering the following questions: is there value in using both technologies? When is it appropriate to use one technology or the other? How do these technologies apply to the various security stakeholders?