AppSec testing at scale
Poorna Udupi
CTO
Good Money
Every company in this world that has an Internet-connected application needs AppSec testing. Some companies conduct annual penetration tests to meet compliance requirements, some run bug bounty programs to invite continuous scrutiny of their organization, while some may choose to run automated scans. Instead of an ad hoc and reactive approach, organizations must adopt a scaleable approach to AppSec that spans all code and applications - those accessible internally as well as externally, across application lifecycles from development to production. In this talk, we discuss the learnings from building a holistic and comprehensive AppSec program involving people, processes and technology. We will describe a risk-based continuous testing framework to determine the scope and sequence of activities. We will discuss a metrics framework used to measure the efficacy of the AppSec Process, the AppSec metrics, and the SDLC metrics to track progress over time.
Interested in Tooling?
Visit our Tooling community!
We are using more and more tools every day. Here we discuss new and all tools every CTO or engineering leader should be aware of, we share feedback and best practices and help each other to use tools more efficiently. Currently, our main topics are Project management, CI/CD, Feature flagging, Security, Incident Response, Reliability/chaos engineering, monitoring/observability, low code/no-code/Serverless, Hosting.
VIDEOS RELATED TO TOOLING
Brandon Philips, CTO at CoreOS
Randy Shoup, Consulting CTO at Good Enough is Good Enough
Russell Smith, CTO at Rainforest QA
Jez Humble, VP at Chef
Evan Korth, Clinical Professor, NYU; co-founder, hackNY, and Venture Partner at Quotidian Ventures
, at
Ken Little, VP Engeneering at Tumbrl

Copyright © 2024 CTO Connection, All Rights Reserved