Application security vulnerabilities
by Mirko Zorz - Wednesday, 6 April 2011.
Rafal Los, Application Security Evangelist at HP Software, talks about application security vulnerabilities at the logic level.

The inner-workings of an application can only be seen through a combination of human input, static analysis, dynamic analysis and a new type of technology loosely termed run-time analysis - the type of 'deep inspection' that's required to truly see "inside" an application and determine how flaws relate, how they're exploited and where in the source code they can ultimately be fixed.

Building systems that really understand applications ultimately requires us to utilize our human brains and culminate information from technology, project requirements, developer interaction and simply 'using' the application by following use-cases.

Only through the collaborative approach of all these human and automated technologies can we start to build systems that are pseudo-intelligent and can perform the combinatory magic which allows iterating through millions or billions of combinations actions to determine negative variations.

This is no small feat - this problem has been worked on for well over a decade and only now through the bringing together of both static and dynamic analysis can we truly start to dig deep into a problem that has silently plagued application security for a very long time.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th