09:00 - 09:45
If you ask software engineers, most of them will say that obviously they care about security. Unfortunately, the reality of competing priorities often relegates security testing to the annual third-party penetration test report… too little, too late!
DevSecOps advocates a mindset where security is everybody’s responsibility, given the right tools and knowledge, but this cannot happen without proper support and upskilling. The good news is, as engineers we are fast learners, we love to solve problems… and we like to try and break things.
Over the last year, I have been running “Internal PenTest” events with several groups of developers, testers and SREs. For a day, we step back from the usual work and cross to the other side to answer the question: can we hack the applications that we’ve been developing? Equipped with the wealth of insider knowledge, the team explores a specific area of the application, models threats, searches for vulnerabilities and attempts to exploit them.
So far, every session has finished with a list of security fixes, but the real value is in the learning: engineers go back to their daily work with this new hacking knowledge and build more secure applications.