As engineering teams move faster and faster, we’ve seen application security “shift left”, with testing done earlier and earlier in the development lifecycle. But the way teams test hasn’t changed: we’re still in a land of false positives, vetting applications against known vulnerabilities, and bracing ourselves for emergency patching when the next zero day hits.
By thinking like a hacker when testing applications, you can automatically find exploitable vulnerabilities and fix them while your code is still in development, giving you stronger security while also increasing velocity.
In this talk, we’ll discuss:
The benefits (and limitations) of current approaches to application security
Balancing security and development velocity - how to build win/win scenarios
Setting realistic targets for application security programs based on known risks
Adopting a hacking mindset to help developers increase both velocity and security
Using techniques like fuzzing and symbolic execution to “hack” your applications in your own development pipeline
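As an added illustration of the last point (this is example code written for this page, not material from the talk or its speakers), the block below runs a small mutation-based fuzzer against a constructed, deliberately buggy TLV parser and then against a hardened version of it. The seed input, the `parse_tlv`/`parse_tlv_safe`/`find_crash` names and the crash criterion (any uncaught exception other than the parser's own `ValueError`) are all assumptions made for the example; a real pipeline would use a coverage-guided engine, but the loop shows what "fuzz in your own pipeline" means concretely: feed mutated inputs, treat unexpected exceptions as findings, and gate the build on them.

```python
import random

# Constructed input format: repeated records of 1 type byte, 1 length byte, payload.
SEED = b"\x01\x03abc\x02\x01x"   # two well-formed records, constructed for the example


def parse_tlv(buf: bytes) -> list:
    """Vulnerable parser: trusts that a length byte follows every type byte."""
    out, i = [], 0
    while i < len(buf):
        t = buf[i]
        n = buf[i + 1]               # BUG: IndexError when the record is truncated here
        out.append((t, buf[i + 2:i + 2 + n]))
        i += 2 + n
    return out


def parse_tlv_safe(buf: bytes) -> list:
    """Hardened parser: validates every length before indexing and rejects short payloads."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated record header at offset %d" % i)
        t, n = buf[i], buf[i + 1]
        if i + 2 + n > len(buf):
            raise ValueError("payload length %d exceeds input at offset %d" % (n, i))
        out.append((t, buf[i + 2:i + 2 + n]))
        i += 2 + n
    return out


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a byte, insert a byte, delete a byte, or truncate."""
    b = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and b:
        b[rng.randrange(len(b))] ^= 1 << rng.randrange(8)
    elif op == 1:
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    elif op == 2 and b:
        del b[rng.randrange(len(b))]
    elif len(b) > 1:
        del b[rng.randrange(1, len(b)):]
    return bytes(b)


def find_crash(parser, seed: bytes, iterations: int = 2000, rng_seed: int = 7):
    """Return the first mutated input that makes `parser` raise something other than
    ValueError (the parser's documented rejection), or None if no crash is found."""
    rng = random.Random(rng_seed)
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        try:
            parser(candidate)
        except ValueError:
            continue                  # explicit, expected rejection: not a finding
        except Exception:
            return candidate          # unexpected exception: this is the bug report
    return None


if __name__ == "__main__":
    crash = find_crash(parse_tlv, SEED)
    print("vulnerable parser crash input:", crash)
    print("hardened parser crash input:  ", find_crash(parse_tlv_safe, SEED))
```

Run as a pipeline step, a non-`None` result from `find_crash` is the failing check; the crashing input itself becomes the regression test once the parser is fixed.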