DevSecOps and Application Penetration Testing: Defying the Myth

On-demand webcast dives into the role of application penetration testing in today’s software development lifecycle (SDLC).

If you’re not penetration testing, you don’t know what you’re missing.

Organizations are under pressure to develop applications at an ever-faster pace – without sacrificing security. Enter DevSecOps. As the name implies, DevSecOps weaves security into every part of development. With this approach, security is an enabler, not a blocker.

With the emphasis on speed and scale, automation is an important component of DevSecOps. But automated tools don’t cover 100% of your security issues and can lead to false positives that cause problems of their own. On the other hand, penetration testing finds the flaws that automated tools can’t detect. Unfortunately, penetration testing is seen as a bottleneck to development – but it doesn’t have to be.

The solution is to combine automation with penetration testing – but not the traditional approach you’re familiar with. Successful DevSecOps programs require a new breed of penetration testing – one that’s relationship-driven and designed for speed and scale. This webcast explores the world of DevSecOps and how penetration testing is evolving to meet the needs of today’s organizations.

Watch this webcast to learn:

  • The pros and cons of popular modern AppSec tools -- SAST, DAST, SCA, IAST, RASP
  • The role of application penetration testing in your software development cycle (SDLC) and how it benefits your development team
  • Why application penetration testing isn’t “dead” and how relationship-driven penetration testing leads to better outcomes
Tom Eston

About the speaker, Tom Eston

VP of Consulting and Cosmos at Bishop Fox

Tom Eston is the VP of Consulting and Cosmos at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry standard testing methodologies and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show; and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.
More by Tom

Extend Your Knowledge

Check out these related resources.

Bishop Fox Webcast Cracking the code with Secure Code Review hosted by Chris Bush
Webcast

Cracking the Code: Secure Code Review in DevSecOps

On-demand webcast offers an in-depth look at how DevOps can integrate both automated and manual code review into the software development lifecycle.

Learn More
Bishop Fox DevSecOps Webcast hosted by Tom Eston, AVP of Consulting Services at Bishop Fox
Webcast

How to Build a DevSecOps Program that Works for Developers AND Security

On-demand webcast explores how the right DevSecOps strategy empowers both your security and development teams.

Learn More
2022 DIGITAL APT Methodology FI Tile
Methodology

Bishop Fox Application Penetration Testing Methodology

Overview of Bishop Fox’s methodology for application penetration testing.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.