How to Perform Effective Web Application Security Assessments

Presented by

Leanne Shapton - PortSwigger, Joel Noguera - Hacker & Pentester, Cindy Ho - HackerOne

About this talk

Security reviews and assessments can take a lot of effort and still not provide the results you are looking for, especially in the face of ever-expanding web portfolios and supply chain risk. Application security teams are already stretched thin. But doing automation right and knowing where and what to look for can save you time and money - and make your organization more secure.

HackerOne - curator of the world’s largest ethical hacker community - and PortSwigger - creators of Burp Suite, the world’s leading toolkit for web security testing - bring you key learnings that will help you develop best practices and ensure you’re getting the most from your investments in web security.

This workshop will provide tips from two perspectives: Leanne Shapton, application security engineer at Shopify, and Joel Noguera, white hat ethical hacker.

Topics include:

- Shopify’s approach to incorporating security into product review processes to support the development of their app-store and marketplace
- How automated vulnerability scanning complements penetration testing, bug bounty programmes and other security processes
- Advice for how security teams can partner with software developers
- How to balance automation with human intuition
- How to identify weaknesses faster to spend more time on what matters

HackerOne pinpoints the most critical security flaws across an organization’s attack surface with continual adversarial testing to outmatch cybercriminals. HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Hyatt, Microsoft, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.