AppSec Review and Pentest Playbook
All companies perform ‘Pentests’ of their most critical applications. Most of the time these are performed in ‘blackbox’ mode, where the security professionals performing the test have no access to the application’s source code, its developers, its current attacker profile, or existing Threat Models.
This means that the effectiveness of those ‘Pentests’ is greatly reduced: there is very little assurance of quality, and the customer gets very little value for money.
What we need instead are ‘AppSec Reviews’, which are much more thorough engagements where the security professional has access to ‘everything’.
- Create AppSec Review and Pentest Playbook
- AppSec teams
- Security professionals
- Pentest teams