Secure Coding mailing list archives
What do you like better Web penetration testing or static code analysis?
From: James.McGovern at thehartford.com (McGovern, James F. (P+C Technology))
Date: Fri, 16 Apr 2010 10:15:15 -0400
Should a security professional have a preference when both have different value propositions? While there is overlap, a static analysis tool can find things that pen testing tools cannot. Likewise, a pen test can report on secure applications deployed insecurely, which is not visible to static analysis. So, the best answer is I prefer both...

http://twitter.com/mcgoverntheory

________________________________
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Matt Parsons
Sent: Thursday, April 15, 2010 5:50 PM
To: 'Matt Parsons'; SC-L at securecoding.org
Cc: webappsec at securityfocus.com; OWASPDallas at utdallas.edu; 'Webappsec Group'
Subject: Re: [SC-L] What do you like better Web penetration testing or static code analysis?

What do you like doing better as application security professionals, web penetration testing or static code analysis? I offered my thoughts in today's blog.

http://parsonsisconsulting.blogspot.com/2010/04/what-do-you-like-better-secure-code.html

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668
Current thread:
- What do you like better Web penetration testing or static code analysis? Matt Parsons (Apr 15)
- What do you like better Web penetration testing or static code analysis? McGovern, James F. (P+C Technology) (Apr 16)
- What do you like better Web penetration testing or static code analysis? Kevin W. Wall (Apr 18)