How to Perform Effective Web Application Security Assessments

Presented by

Leanne Shapton - Portswigger, Joel Noguera - Hacker & Pentester, Cindy Ho - HackerOne

About this talk

Security reviews and assessments can take a lot of effort and still not provide the results you are looking for, especially in the face of ever-expanding web portfolios and supply chain risk. Application security teams are already stretched thin. But doing automation right and knowing where and what to look for can save you time and money - and make your organization more secure.

HackerOne - curator of the world’s largest ethical hacker community - and PortSwigger - creators of Burp Suite, the world’s leading toolkit for web security testing - bring you key learnings that will help you develop best practices and ensure you’re getting the most from your investments in web security.

This workshop will provide tips from two perspectives: Leanne Shapton, application security engineer at Shopify, and Joel Noguera, white hat ethical hacker.

Topics include:
- Shopify’s approach to incorporating security into product review processes to support the development of their app-store and marketplace
- How automated vulnerability scanning complements penetration testing, bug bounty programmes and other security processes
- Advice on how security teams can partner with software developers
- How to balance automation with human intuition
- How to identify weaknesses faster to spend more time on what matters

HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo. In 2021, HackerOne was named as a ‘brand that matters’ by Fast Company.