This was a really good video, thank you for sharing. It's very important for teams to consider incorporating multiple layers of application security testing into the delivery pipelines. One additional thing to consider may be to include a team of 'ethical hackers' in your path to production too. Similar to exploratory testing, ethical hacking is a manual effort, but it can be a valuable additional layer of security to have.
@test-automation-experience, 7 months ago
Thanks for your feedback! How do we convince decision makers to include ethical hacking in our project?
@ciaragraham8460, 7 months ago
That's a good question, and it comes down to convincing decision makers of the value proposition. A lot of vendors in the appsec space tend to use fear as a motivating factor, which can bear fruit, as no one wants to be the leader who cut corners with security and then experienced a hack. However, a more positive model could be better for long-term delivery of value. There's plenty of evidence and case studies around the benefits of ethical hacking within the software development lifecycle, as it really fills the gap between vulnerability detection from the scanning tools and how the 'black hat' hackers operate. The various bug bounty initiatives that many companies run are good examples of an 'open-sourced' model, but these can be expensive to operate, with the potential of large payouts, and operate at the speed of the individual security researchers, not the speed of your development team.