Secure Coding mailing list archives
What do you like better Web penetration testing or static code analysis?
From: kevin.w.wall at gmail.com (Kevin W. Wall)
Date: Sat, 24 Apr 2010 12:54:31 -0400
Brian Chess wrote:
> I like your point Matt. Everybody who's responded thus far has wanted to turn this into a discussion about what's most effective or what has the most benefit, sort of like we were comparing which icky medicine to take or which overcooked vegetable to eat. Maybe they don't get any pleasure from the work itself.

I take exception to that use of "everybody". My response was based solely on my *preference*, which is my understanding of what Matt was originally asking. But SC-L being the mailing list of many tangents, well...

And again, for the record, I *enjoy* both pen testing and static code analysis, but I _personally_ prefer doing static code analysis, if for no other reason than that it generally allows me to work closer to the development teams where I can better suggest appropriate mitigation.

Of course, my post (at least the original one) wasn't controversial enough to stir up the pot and cause it to go off in some other direction, so it may have flown past you under the radar. Not that that matters. OTOH, I don't want to be lumped into the "everybody" category, especially when that list includes those who can't follow simple directions. ;-)

Regards,
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME