Application security vulnerabilities
by Mirko Zorz - Wednesday, 6 April 2011.
Rafal Los, Application Security Evangelist at HP Software, talks about application security vulnerabilities at the logic level.

The inner-workings of an application can only be seen through a combination of human input, static analysis, dynamic analysis and a new type of technology loosely termed run-time analysis - the type of 'deep inspection' that's required to truly see "inside" an application and determine how flaws relate, how they're exploited and where in the source code they can ultimately be fixed.

Building systems that really understand applications ultimately requires us to utilize our human brains and culminate information from technology, project requirements, developer interaction and simply 'using' the application by following use-cases.

Only through the collaborative approach of all these human and automated technologies can we start to build systems that are pseudo-intelligent and can perform the combinatory magic which allows iterating through millions or billions of combinations actions to determine negative variations.

This is no small feat - this problem has been worked on for well over a decade and only now through the bringing together of both static and dynamic analysis can we truly start to dig deep into a problem that has silently plagued application security for a very long time.



Spotlight

People will do anything for free Wi-Fi

Posted on 30 September 2014.  |  A new Wi-Fi investigation conducted on the streets of London shows that consumers carelessly use public Wi-Fi without regard for their personal privacy.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //