Application security vulnerabilities
by Mirko Zorz - Wednesday, 6 April 2011.
Rafal Los, Application Security Evangelist at HP Software, talks about application security vulnerabilities at the logic level.

The inner-workings of an application can only be seen through a combination of human input, static analysis, dynamic analysis and a new type of technology loosely termed run-time analysis - the type of 'deep inspection' that's required to truly see "inside" an application and determine how flaws relate, how they're exploited and where in the source code they can ultimately be fixed.

Building systems that really understand applications ultimately requires us to utilize our human brains and culminate information from technology, project requirements, developer interaction and simply 'using' the application by following use-cases.

Only through the collaborative approach of all these human and automated technologies can we start to build systems that are pseudo-intelligent and can perform the combinatory magic which allows iterating through millions or billions of combinations actions to determine negative variations.

This is no small feat - this problem has been worked on for well over a decade and only now through the bringing together of both static and dynamic analysis can we truly start to dig deep into a problem that has silently plagued application security for a very long time.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th