Automatic Analysis of Web Applications Security

Date

2012-10-19

Speaker

Juan Ramón Bermejo (MD)

Summary

Carrying out a security audit of web applications through manual penetration testing or manual code review is an arduous and inefficient task, because testing the entire attack surface of a web application under all distinct conditions and validating all inputs is very difficult, and in the end many security vulnerabilities will remain in the code.

To obtain web applications with a high degree of security, new security tasks should be included in the security development life cycle (SDLC), using and integrating several types of automatic commercial and open source tools to obtain a better result as a whole, and building a specific methodology for integrating the selected tools. In this presentation I will try to explain the new trends in automatic tools for security analysis of web applications, for use in each phase of the SDLC.

Slides

Video

Author's Biography

Juan Ramón Bermejo

He holds a degree in Computer Engineering from the Spanish National University of Distance Education and is currently a doctoral student in Research in Electrical, Electronics Engineering and Control at the same university. In 2011, he finished his studies for the Master in Computer Engineering on Networking, Communications and Content Management offered by the UNED. He has developed his career over the past 15 years under the Ministry of Defense, working with IBM Mainframe systems and more recently with the Command and Control Air Defense System of the Spanish Air Force, where he is currently working on various migration projects of several subsystems.
