
DevSecOps and Application Penetration Testing: Defying the Myth

Date & Time: On-Demand Webcast
Location: ON24
Bishop Fox Webcast: How to Build DevSecOps Programs that Works for Developers and Security by Tom Eston

If you’re not penetration testing, you don’t know what you’re missing.

Organizations are under pressure to develop applications at an ever-faster pace – without sacrificing security. Enter DevSecOps. As the name implies, DevSecOps weaves security into every part of development. With this approach, security is an enabler, not a blocker.

With the emphasis on speed and scale, automation is an important component of DevSecOps. But automated tools don’t cover 100% of your security issues and can lead to false positives that cause problems of their own. On the other hand, penetration testing finds the flaws that automated tools can’t detect. Unfortunately, penetration testing is seen as a bottleneck to development – but it doesn’t have to be.

The solution is to combine automation with penetration testing – but not the traditional approach you’re familiar with. Successful DevSecOps programs require a new breed of penetration testing – one that’s relationship-driven and designed for speed and scale. This webcast explores the world of DevSecOps and how penetration testing is evolving to meet the needs of today’s organizations.

Watch this webcast to learn:

  • The pros and cons of popular modern AppSec tools -- SAST, DAST, SCA, IAST, RASP
  • The role of application penetration testing in your software development life cycle (SDLC) and how it benefits your development team
  • Why application penetration testing isn’t “dead” and how relationship-driven penetration testing leads to better outcomes

About the speaker, Tom Eston

AVP of Consulting at Bishop Fox

Tom Eston is the AVP of Consulting at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry-standard testing methodologies, and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.