DevSecOps and Application Penetration Testing: Defying the Myth

On-demand webcast dives into the role of application penetration testing in today’s software development lifecycle (SDLC).

If you’re not penetration testing, you don’t know what you’re missing.

Organizations are under pressure to develop applications at an ever-faster pace – without sacrificing security. Enter DevSecOps. As the name implies, DevSecOps weaves security into every part of development. With this approach, security is an enabler, not a blocker.

With the emphasis on speed and scale, automation is an important component of DevSecOps. But automated tools don’t cover 100% of your security issues and can lead to false positives that cause problems of their own. On the other hand, penetration testing finds the flaws that automated tools can’t detect. Unfortunately, penetration testing is seen as a bottleneck to development – but it doesn’t have to be.

The solution is to combine automation with penetration testing – but not the traditional approach you’re familiar with. Successful DevSecOps programs require a new breed of penetration testing – one that’s relationship-driven and designed for speed and scale. This webcast explores the world of DevSecOps and how penetration testing is evolving to meet the needs of today’s organizations.

Watch this webcast to learn:

  • The pros and cons of popular modern AppSec tools: SAST, DAST, SCA, IAST, RASP
  • The role of application penetration testing in your software development lifecycle (SDLC) and how it benefits your development team
  • Why application penetration testing isn’t “dead” and how relationship-driven penetration testing leads to better outcomes

About the speaker, Tom Eston

VP of Consulting and Cosmos at Bishop Fox

Tom Eston is the VP of Consulting and Cosmos at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry-standard testing methodologies, and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show and a frequent speaker at user groups and international cybersecurity conferences, including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.