Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
 
View analytic
Thursday, September 24 • 3:00pm - 3:55pm
Using the OWASP Benchmark to Assess Automated Vulnerability Analysis Tools

Sign up or log in to save this to your schedule and see who's attending!

Lab material available for download here: 
https://drive.google.com/folderview?id=0BxSfMVkfLvslcEp4dGJKcV9xdG8&usp=sharing
Please download before arriving at the conference!

The OWASP Benchmark is a test suite designed to evaluate the speed, coverage, and accuracy of automated vulnerability detection tools. Without the ability to measure these tools, it is difficult to understand their value or interpret vendor claims. The OWASP Benchmark contains over 20,000 test cases that are fully runnable and exploitable.

This training class will provide attendees with details of how the Benchmark was developed, what the tests cover, and how to use it to evaluate tools. Students will be able to download a VM with the entire Benchmark fully installed and ready to go. They will be able to compile all the tests, run tools against the benchmark, and generate scorecards for all the tools they run. The scorecards describe how each tool did, as well as allow for quick comparisons between the tools. The VM will include numerous open source security vulnerability detection tools they can use in the class, and if they have access to commercial vulnerability detection tools, they can use those as well.

Speakers
avatar for Dave Wichers

Dave Wichers

COO, Aspect Security
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a consulting company that specializes in application security services. He is also a long time contributor to OWASP, helping to establish the OWASP Foundation in 2004, serving on the OWASP Board since it was formed from 2004 through 2013, served as OWASP Conferences Chair from 2005 through 2008, is a coauthor of the OWASP Top 10 and has led the project since... Read More →


Thursday September 24, 2015 3:00pm - 3:55pm
Room E