Think like a Hacker: How to Get ahead of Zero Days.

Presented by

Josh Thorngren, VP Marketing, ForAllSecure, Inc.

About this talk

As engineering teams move faster and faster, we’ve seen application security “shift left”, with testing done earlier and earlier in the development lifecycle. But the way teams test hasn’t changed: we’re still in a land of false positives, vetting applications against known vulnerabilities, and bracing ourselves for emergency patching when the next zero day hits. By thinking like a hacker when testing applications, you can automatically find exploitable vulnerabilities and fix them while your code is still in development, giving you stronger security while also increasing velocity.

In this talk, we’ll discuss:

- The benefits (and limitations) of current approaches to application security
- Balancing security and development velocity: how to build win/win scenarios
- Setting realistic targets for application security programs based on known risks
- Adopting a hacking mindset to help developers increase both velocity and security
- Using techniques like fuzzing and symbolic execution to ‘hack’ your applications in your own development pipeline
ForAllSecure introduces Mayhem, an advanced fuzz testing solution that continuously uncovers defects at unprecedented speed, scale, and accuracy.