AppSec testing at scale
Poorna Udupi
CTO
Good Money
Every company in this world that has an Internet-connected application needs AppSec testing. Some companies conduct annual penetration tests to meet compliance requirements, some run bug bounty programs to invite continuous scrutiny of their organization, while some may choose to run automated scans. Instead of an ad hoc and reactive approach, organizations must adopt a scaleable approach to AppSec that spans all code and applications - those accessible internally as well as externally, across application lifecycles from development to production. In this talk, we discuss the learnings from building a holistic and comprehensive AppSec program involving people, processes and technology. We will describe a risk-based continuous testing framework to determine the scope and sequence of activities. We will discuss a metrics framework used to measure the efficacy of the AppSec Process, the AppSec metrics, and the SDLC metrics to track progress over time.
Interested in Tooling?
Visit our Tooling community!
We are using more and more tools every day. Here we discuss new and all tools every CTO or engineering leader should be aware of, we share feedback and best practices and help each other to use tools more efficiently. Currently, our main topics are Project management, CI/CD, Feature flagging, Security, Incident Response, Reliability/chaos engineering, monitoring/observability, low code/no-code/Serverless, Hosting.
VIDEOS RELATED TO TOOLING
Scott Gerlach, Cofounder & CSO at StackHawk
Ravi Mayuram, CTO at Couchbase
Ismael Peinado, CTO at Toptal
Arunava Bag, CTO (EMEA) at Digitate
Satish Jayanthi, CTO and Cofounder at Coalesce.io
Dave Mangot, Principal at Mangoteque
Greg Arnette, Co-Founder & CEO at CloudTruth
Jean Barmash, Head of Engineering at Apprentice.io
Doron Grinstein, CEO at Control Plane
GSD
Colin Bodell, VP of Commercial R&D at Shopify

Copyright © 2022 CTO Connection, All Rights Reserved