The Internet is full of advice on delivering a better pen test. That's great but what if you are the one arranging or receiving the test? In this talk, I want to use my experience of scoping and delivering these tests (as well as feedback from test recipients) to suggest ideas on how to get the best value from AppSec tests. I will talk about how you can "hack your test" to better tailor it to your needs, how you can be best prepared for a smooth test and how you can make sure the report is focused and actionable.

Defenders/builders will hopefully leave this talk with ideas that you can apply today, tomorrow and in the future to ensure that AppSec tests aren't just a compliance tick-box but rather deliver real value and make an application more secure. Breakers will hopefully leave this talk wondering whether you are ready to provide this level of value added application test.

Speaker

Josh Grossman
Team Leader and Senior Consultant, Comsec Group
Josh has worked as a consultant in IT Security and Risk for over a decade and also as a Software Developer. He currently works as a Team Leader in Comsec Group's Application Security division where he leads and delivers web and mobile application security tests

-

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...