Overview
Learn how to maximize the value of application security testing in this 32-minute conference talk from AppSecUSA 2018. Discover strategies for tailoring tests to specific needs, preparing for smooth execution, and ensuring focused, actionable reports. Gain insights on choosing the right tester, increasing transparency, disclosing known vulnerabilities, and prioritizing action plans. Explore ways to transform AppSec tests from compliance checkboxes into tools that deliver real security improvements. Suitable for both defenders/builders seeking to enhance their testing processes and breakers aiming to provide higher-value application assessments.
Syllabus
Intro
What is an AppSec Test?
What is the Best?
Lots of ideas for the breaker.....
Three opportunities
The most transparent box
Choosing the right tester
An expert comes from outside
Hack yourself first
Opening up the product backlog like...
Disclose known vulnerabilities
Security by non-testability
The testing setup
Progress reports
Executive Summary
Well explained and actionable findings
Prioritised action plan
Assistance with fixes
Key takeaways
Taught by
OWASP Foundation