Why Automated DAST Scanners Fail Today
08-27, 11:30–11:50 (US/Eastern), Room 401 - "Re-Engage" track

Automated DAST scanners have been around for over 20 years now, so why is it that we have so much trouble using them? From numerous false positives, complicated configurations to scans that take days raging through a single website, why is this still happening? Many factors have changed in the past several years for businesses when it comes to the complexity and number of assets needed to be scanned for security vulnerabilities. How can these businesses meet compliance and regulation requirements when appsec tools can't do the job? In this talk you will see the challenges of automated DAST scanners and why businesses are struggling to keep up with the ever expanding appsec threat landscape.

Ray Kelly is an internet security professional with over twenty five years of development experience, eighteen of which has focused on the internet security space. Ray has been a key player in multiple successfully acquired cyber security start-ups. He was the lead developer and business unit director for WebInspect with SPI Dynamics which is an industry leading application security scanner (later HP and Micro Focus). Ray holds three web application scanning patents and speaks regularly at security conferences. Today, Ray is a Fellow at Synopsis (formally WhiteHat) where he contributes to research, sales and vision of the security product line.