Working with penetration testers as a developer
As a developer, sooner or later in your career you'll end up working with penetration testers. This talk aims to help you maximise your value from the engagement.
This talk will take a critical look at best practices for engaging with penetration testers, and answer questions such as:
- Can't I just test my own app?
- When to (and when NOT to) engage with security consultants
- What problems will pentesting solve, and what problems WON'T it solve?
- What to look for (and potential red flags) when evaluating pentesting companies
- Threat modelling and where it fits
- Working together to get the scope right
- Working together pre-engagement
- Communication during the engagement
- What maximises value during an engagement? What can go wrong?
- Re-testing and follow-up
Liam is a former software developer who switched to the dark side and started pentesting many moons ago. Formerly a Director at Assurance, Liam now runs the Research and Development program for the pentesters at CyberCX. Liam is enthusiastic about ducks.