SECurity FUNdamentals

Frugal Web Application Testing – Can in-house penetration testing achieve industry standard results while saving you money?


Security Fundamentals (714AB) November 15, 2017 1:25 pm - 2:25 pm

Harshal Chandorkar
Natalia Wadden

We live in a time when web applications play crucial roles in our society. To deploy a web application into production without properly securing the code and conducting a penetration test to identify vulnerabilities for remediation is to welcome an adversary to negatively impact business function, bypass access controls and steal data.

While third-party companies offer automated and manual web app penetration tests, these can be very costly and out of reach for many corporations. This presentation will not only provide insight into the differences between third-party automated and manual web app pentests–including their results and cost implications–but will also explore the benefits of developing penetration testing skills in-house. We will demonstrate how you can successfully build an in-house pentesting team that can provide industry-standard results while saving your company money.

This interactive discussion will show how teams can utilize readily available tools to test for some of the most common vulnerabilities, such as those in the OWASP Top 10. Attendees will walk away with an understanding of:

  • How to read and understand a web app penetration test report
  • Where to find powerful, yet easy-to-use tools to facilitate your testing
  • How to use different tools to perform web app tests
  • How to structure and build a framework for a successful internal penetration testing team
  • What to look for when comparing the costs of internal vs external web app testing and where to find cost-savings