How to Perform Effective Web Application Security Assessments

Presented by

Leanne Shapton - PortSwigger, Joel Noguera - Hacker & Pentester, Cindy Ho - HackerOne

About this talk

Security reviews and assessments can take a lot of effort and still not provide the results you are looking for, especially in the face of ever-expanding web portfolios and supply chain risk. Application security teams are already stretched thin. But doing automation right and knowing where and what to look for can save you time and money - and make your organization more secure.

HackerOne - curator of the world’s largest ethical hacker community - and PortSwigger - creators of Burp Suite, the world’s leading toolkit for web security testing - bring you key learnings that will help you develop best practices and ensure you’re getting the most from your investments in web security.

This workshop will provide tips from two perspectives: Leanne Shapton - application security engineer at Shopify and Joel Noguera, white hat ethical hacker.

Topics include:

- Shopify’s approach to incorporate security into product review processes to support the development of their app-store and marketplace
- How automated vulnerability scanning complements penetration testing, bug bounty programmes and other security processes
- Advice for how security teams can partner with software developers
- How to balance automation with human intuition
- How to identify weaknesses faster to spend more time on what matters

HackerOne powers the world’s leading bug bounty and vulnerability coordination platform. More than 700 organizations trust HackerOne to find their critical software vulnerabilities before criminals can exploit them. HackerOne has the world's largest community of trustworthy hackers to help improve your organization's defense. Customers include General Motors, Adobe, Uber, the U.S. Pentagon, Salesforce, Twitter, Yahoo!, Dropbox, Square, LinkedIn, Snapchat, Airbnb, New Relic, Qualcomm, Nintendo, Intel and the CERT Coordination Center.