Automated Finding Correlation: SAST, DAST, and IAST Overlap in Application Security

Explore the overlap between different scanning technologies in this insightful conference talk. Delve into the automated correlation of findings from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST). Discover the unique advantages of each technology and learn whether a single solution can address all security needs. Gain valuable insights into the commonalities and differences in vulnerability detection across these tools, and understand how leveraging multiple technologies can streamline the remediation process. Examine real-world results from the OWASP Benchmark project, providing context for the effectiveness of each approach. Uncover the benefits of automated correlation for both developers and security experts, and explore how this knowledge can reduce workload and accelerate vulnerability resolution.

Intro
Why adding IAST?
Auto Correlations - Goal
OWASP Benchmark - Context
OWASP Benchmark - Process
OWASP Benchmark - Results
Pulling the Curtain
OWASP Benchmark - The Report