AppSec Review and Pentest Playbook
All companies perform pentests of their most critical applications. Most of the time, this is performed in ‘black box’ mode, where the security professionals who perform the test have no access to the source code of the application, to its developers, to its current attacker’s profile, or to existing threat models.
This limits the effectiveness of those pentests; there is very little assurance of quality, and the customer gets very little value for money.
What we need to do are ‘AppSec Reviews’ which are more thorough engagements where the security professional has access to ‘everything’.
This Working Session will draft an AppSec Review and Pentest Playbook.
- Create AppSec Review and Pentest Playbook
- Created outline for an AppSec Pen Test Playbook
- Initial draft of outline sent to participants for consensus
Synopsis & Takeaways
- Eleven participants collaborated on what defines an Application Security Pen Test
  - Driven by specific concerns
  - Driven by humans
  - Driven by depth
  - Driven by functionality
The target audience for this Working Session is:
- AppSec teams
- Security professionals
- Pentest teams
- AppSec Review and Pentest Playbook