Published on April 7th, 2019
BSides Leeds 2019: A Pentester's Guide To Left Shifting Security – Jay Harris
Security is big business. Between security companies trying to sell "security-in-a-box" and infosec professionals charging a fortune to tell devs "you're doing it wrong", is it any wonder security is an area that is often deprioritised? In this talk, we'll look at what we should be doing to left shift security testing, i.e. make it easier to perform security tests during development. By working harder to integrate ourselves into the development process, we can start to see what can and should be automated (and where a security specialist should actually fit in). We'll look to understand that writing secure applications does not need to be costly and not all applications need to have the same level of security. By using actual vulnerabilities found during pen tests as examples, we will look at the tools and techniques we can use to detect vulnerabilities automatically and early in the development lifecycle, ultimately allowing us to release software often and quickly while still having a good understanding of the application's risk.
The aim of this talk will be to understand why security has not kept current with modern development practices and give developers the ability to integrate security into the development pipeline.
Speaker Bio: Jahmel (Jay) is a security researcher and hacker. He co-founded Digital Interruption, a security consultancy which helps secure organisations with a mix of penetration testing and helping to embed security into application development pipelines. With a background in not only security testing but software development, Jay is able to advise engineers on balancing security with functionality. He has a particular interest in mobile application security, reverse engineering and radio and has presented talks and workshops at home in the UK and abroad. He also runs Manchester Grey Hats – a group aiming to bring hackers together to share knowledge and skills.