Here is the matrix presented by Jacob West and Alexander Hoole of HP Fortify at RSA 2012. They classify security bugs along two dimensions: whether the bug is explicit or only implied in the code, and whether it is generic or application-specific.

Generic
    Explicit in Code: 50% - can be found by static analysis tools
    Implied in Code: can be found in pen testing or expert reviews

Application-Specific
    Need to understand application patterns