Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Together

SOURCE Boston 2014

Presented by: Dan Cornell
Date: Tuesday April 08, 2014
Time: 14:00 - 14:45
Location: Washington

Developers want to write code and security testers want to break it. The problem is that security testers need to know more about code to do better testing, and developers need to be able to quickly address problems found by testers. This presentation looks at both groups and their toolsets and explores ways they can help each other out. Using open source examples built on OWASP ZAP, ThreadFix and Eclipse, the presentation walks through the process of seeding web application scans with knowledge gleaned from code analysis, as well as the mapping of dynamic scan results to specific lines of code.

Dan Cornell

Dan Cornell has over fifteen years of experience architecting, developing and securing web-based software systems. As CTO of Denim Group, he leads the organization's technology team, overseeing methodology development and project execution for Denim Group's customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web-based software development methodologies.

