Vulnerability assessment is hard. Dynamic scanners don’t provide sufficient coverage and don’t understand the business logic, and static scanners get trapped in the combinatorial explosion of application states.

As for the enterprises, the problem also includes CI/CD integration and SDLC process.

During the talk, we’ll discuss how to integrate different application security testing tools, including SAST/DAST/IAST, how to perform smart and swift web application fuzzing, and how to automate business logic testing.