Hybrid Security Analysis: Bridging the Gap between Inside-Out and Outside-In
With the rising adoption of the cloud and the mobile revolution, software security is more important and complex than ever. The efforts of developers and testers are frequently disconnected, wasting time and reducing effectiveness. Arthur Hicken describes how hybrid security analysis bridges the gap between static analysis and penetration testing by detecting security vulnerabilities with unprecedented accuracy—and few false positives. Testers receive an instant assessment of where security attacks actually penetrated the application. Unlike traditional penetration testing, this pinpoints where attacks really succeeded—not just areas that may be vulnerable to attack. Hybrid analysis involves running penetration attack scenarios against existing functional test scenarios, monitoring the back-end to determine whether security is actually compromised, and correlating source code with the failed tests so you can trace each error to a particular requirement. Learn the drawbacks of static analysis and penetration testing—and how to turn these drawbacks into strengths.