Application Security: Inside Out • Simon Corlett • GOTO 2023

Explore the power of Interactive Application Security Testing (IAST) to improve vulnerability detection, accuracy, and workflow, with benefits including reduced false positives, enhanced security, and improved productivity for developers.

Key takeaways
  • Legacy security tools create pain points, such as slow scans and broken feedback loops.
  • Interactive Application Security Testing (IAST) approaches the problem from a different perspective by injecting agents inside the app.
  • IAST can detect vulnerabilities in real time and provide accurate findings, unlike DAST tools, which often create false positives.
  • IAST tools can be used to monitor applications from the inside out, providing a more accurate and comprehensive view of vulnerabilities.
  • Using IAST can help shift security left, ensuring that developers can focus on creating high-quality, secure code without compromising their pace.
  • IAST tools can also be used to detect and block attacks in production, reducing the risk of vulnerabilities being exploited.
  • The accuracy of IAST tools is improved by using sensors inside the app to monitor traffic and flow of data.
  • IAST tools can be tailored to specific languages and frameworks, such as Java, .NET, Node, Ruby, Python, Go, PHP, and Kotlin.
  • IAST tools can be used to reduce the number of false positives and provide a clearer view of vulnerabilities, allowing developers to focus on fixing real issues.
  • Using IAST tools can help improve the flow of work for developers, reducing the time spent on security testing and improving overall productivity.
  • IAST tools can be used to monitor and track vulnerabilities in real time, providing a more accurate view of security issues.
  • IAST tools can help improve the accuracy of security tooling, reducing the number of false positives and providing a clearer view of vulnerabilities.
  • Using IAST tools can help improve the feedback of security testing, providing developers with a more accurate view of vulnerabilities and allowing them to focus on fixing real issues.
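
A minimal sketch of the in-app source and sink sensors the takeaways describe, added here as an illustration and not taken from the talk or from any IAST product. `Tainted`, `source`, `sink_execute` and the two lookup handlers are hypothetical names, and the request value is constructed; it shows why ordinary functional traffic yields a finding for the concatenated query but none for the parameterized one.

```python
import sqlite3

class Tainted(str):
    """Marker type (hypothetical): a string that came from an untrusted source."""
    def __add__(self, other):           # tainted + plain stays tainted
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):          # plain + tainted stays tainted
        return Tainted(str.__add__(other, self))

FINDINGS = []  # what the in-app agent would report

def source(value):
    """Source sensor: mark request data as untrusted when it enters the app."""
    return Tainted(value)

def sink_execute(conn, sql, params=()):
    """Sink sensor: wraps the database call and reports only when the SQL
    text itself was built from tainted data; bound parameters are fine."""
    if isinstance(sql, Tainted):
        FINDINGS.append({"rule": "sql-injection", "sink": "sqlite3.execute",
                         "sql": str(sql)})
    plain = tuple(str(p) if isinstance(p, str) else p for p in params)
    return conn.execute(str(sql), plain).fetchall()

def lookup_vulnerable(conn, name):
    # Query text is concatenated with request data, so taint reaches the sink.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return sink_execute(conn, sql)

def lookup_safe(conn, name):
    # Request data travels as a bound parameter; the SQL text is a constant.
    return sink_execute(conn, "SELECT id FROM users WHERE name = ?", (name,))

def run_demo():
    FINDINGS.clear()
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    name = source("alice")  # constructed request parameter, benign test traffic
    rows_vulnerable = lookup_vulnerable(conn, name)
    rows_safe = lookup_safe(conn, name)
    return rows_vulnerable, rows_safe, list(FINDINGS)

if __name__ == "__main__":
    for finding in run_demo()[2]:
        print(finding)
```

Both handlers return the same rows for the same input, so an outside-in scan sees identical behaviour; only the sensor at the sink can tell which code path built its query from request data.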