The Promise and Pitfalls of Security Testing Today

  • Webcast Aired Tuesday, 09 May 2017 3:00PM EDT (09 May 2017 19:00 UTC)
  • Speakers: Mark Geeslin, Setu Kulkarni

Both the underlying technologies and the development methodologies of web applications have shifted dramatically in recent years. The security testing tools and techniques of just a few years ago are ill-suited to applications built today around RESTful web services and single-page applications. Furthermore, current development processes such as CI/CD and DevSecOps require security testing approaches that are equally responsive and efficient: results must be obtained within minutes, or even seconds, rather than the hours and days that were acceptable in the past. Automated web application vulnerability scanners are both too slow and too shallow in their analysis, while manual penetration testing cannot keep pace with the speed of development.

How can security testing be performed effectively against today's applications, which are developed and deployed continuously with no apparent time for adequate analysis and verification? In this webinar we will discuss a proven approach to security testing that combines architectural reviews, SAST and DAST technology, custom "functional" security testing, and manual penetration testing into a framework that achieves a high degree of security assurance while accommodating the rapid pace of development required in today's environment.