Janne Lindquist: IPV6 Is bad for your privacy.

Published: Jan. 9, 2006, 11:10 p.m.

If you're going to buy an application security tool, which one will it be? Every vendor likes to talk about how their tools are the best. "We are the market leader!" they all say. But not everyone can lead all the time. I will show how I took half a dozen "leading" application security tools (both static and dynamic) and compared them head-to-head against the same open source application. All of the tools found something, but no two tools find the same thing!

I will break down the different techniques each tool uses and show specifically which bugs each tool finds. The proceedings will include all of the details about the code so that you can add your own tools to the comparison. The presentation gives a methodology for doing detailed tools comparison.

Edward Lee is a member of Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. Specifically, Mr. Lee investigates and develops methodologies for the discovery of vulnerabilities and defense against attacks in software. Prior to joining Fortify, Mr. Lee was a security consultant at Exodus Communications/Cable & Wireless where he was responsible for securing customer systems and advising customers about potential threats. He is also an active member of a team that has won twice at the Defcon Capture the Flag hacking competition.