Improving Dynamic Vulnerability Scanners with Static Code Analysis

Explore how Indeed combined static source analysis and dynamic scanning to create a more robust vulnerability detection solution in this 37-minute LASCON conference talk. Learn about the limitations of traditional methods for finding potential vulnerabilities in source code, including excessive false positives and missed endpoints. Discover WES, a tool developed by Indeed that analyzes source code to extract endpoints, eliminating the need for crawlers and improving the effectiveness of dynamic vulnerability scanners. Gain insights into how this innovative approach can enhance your application security pipeline and benefit from Indeed's work in combining static code analysis with dynamic scanning techniques.

2017 - Improving dynamic vulnerability scanners with static code analysis - Caleb Coffie