Session

I don’t always do APPSEC TESTING, but when I do, it’s IN PRODUCTION

That’s crazy talk! ...or is it?

One revolutionary technique that has shifted the paradigm of performance testing is running those tests in production using canary deployments. However, the benefits of using a similar approach for app and API security testing are even more significant. Doing so assures that your vulnerability fixes are relevant to and effective in a real-world environment, as opposed to an artificial pre-prod environment.

This avoids the shortcomings of traditional tools: the inaccuracy and long scan times of SAST, the poor coverage of DAST and IAST tools, the lack of context in SCA, and the ineffectiveness of WAFs. It even aligns well with movements like DevOps, cloud-native, and shifting ownership of security left from the security team to engineering.

Join this discussion to learn what revolutionary techniques are necessary to safely pull this off.

Larry Maccherone

DevSecOps Transformation

Raleigh, North Carolina, United States
