SlideShare a Scribd company logo

Outpost24 webinar - Covid-19: Driving application security resilience in times of crisis

Outpost24
Outpost24

Our security expert will show you how to optimize the results of traditional pen tests to increase cost efficiency through automation

Software
1 of 21
Download to read offline
Creating application security resilience during the pandemic Covid-19 webinar Simon Roe, Product Manager May 13, 2020
2 Covid-19 changed the world as we know it
Lockdown – Changing the way we live and work 3
4 8.4bn The number of records exposed in Q1 2020 273% increase from 2019 Mostly from the web The Covid-19 ripple effect
Launch now, test later? • Web application is the #1 attack vector for data breach • 44% of organizations don't test the security of their web apps before launch • Knowing your security posture is more important than ever 5
6 Cyber hygiene is your best defense • Yes. The benefits gained are very valuable • Find the backdoors – or things your automated tools miss • Risk prioritisation • Improve detection and alerting (OWASP top 10 2017 A10) • Validate your controls • Comply with local, national and international regulations • It helps fill in the blanks from your automated scanning
The old Pen test in the current climate 7
8 This is what you think you pay for A 10 day total Penetration test at an agreed ‘Day rate’ ($750-$1,000+) Test Application (10 Days / $7,500) $$
But what about these costs 9 Appoint company, negotiate contract (5 days / $2,500)Tender (2 days / $1000) Scope, agree start date (2 Days/ $1,000) Your 10 day test is really 15 – 20 days Upfront cost + Test Application (10 + 9 = 19 Days / $12,000) + $4,500 $$$$ + 9 days The day rate of your in house staff ($500)
Wait, there’s even more costs 10 Review the report (3 days / $1,500) Create remediation issues ( 2 days / $1,000) A 10 day test, is likely 8 days testing, with 1 day report writing and 1 day hand over and maybe some delays thrown in during testing Remediate – (10+ day /$5,000) Upfront cost + Test Application (19 – 2 = 17 Days / but the cost is still $12,000) $$$$$$ Adding another 15+ days and $7,500 = potentially $19,500!!
11 $$ $$$$ $$$$$$ • Go to tender • Find your supplier • Scope out the app • Negotiate the contract • Review the findings • Add them to your issue tracking / backlog • Remediate The real cost of that $750/day test
12 Worse still….. It delivers poor value
13 • Delays happen when you are not ready for the testers • Testing can impact production, leading to a rescope and loss of time • Wait for the report to be written • Your ‘10 day test’ probably results in 5 days of manual testing effort You don’t get what you pay for
14 It costs you more money and delivery less value • You think of the ‘test’ as a number of ‘Man days’. It’s a false economy. You miss all the other costs before and after the test • Your test is likely 50% automation with some review of findings, a day for the reports and a day for the hand over • You cannot work on remediation until the test finishes (delays) and you have been given the report • Likely you will be juggling false positives, subjective findings and have no real way to query or clarify the issues • You cannot easily verify that your development teams have fixed the issues reported And yet you still do it
Changing the way you test apps 15
16 • Next Gen Appsec program • Annual contracts • Pool of testing, requested on demand • Zero false positives • Findings posted to UI available for remediation during testing • Direct access to the analysts • Ability to request verification of remediation activities • Customers save time & money whilst being able to request testing that suits their timelines and SDLC processes Next Gen Appsec program
17 • 365 monitoring • Daily assessments • Regular manual assessment • Findings presented as soon as they are assessed Continuous assessment for Critical Applications
18 • Like major streaming TV stations : you tell us when you want to consume a license • Fixed fee – know upfront the cost • Up to thirty days of manual testing and remediation advice • No false positives On demand for everything else
19 Old vs New Build application security resilience Old : hidden costs per test New: fixed upfront cost Old: You test when you can, and pause your Dev. New: Test continuously, or on demand, as part of the Dev process Old: you remediate long after the test has finished New: you remediate whilst the test is still ongoing $$
#StandByYou during Covid-19 Talk to us to find out how to take advantage of our security testing offers to maintain your cyber hygiene https://marketing.outpost2 4.com/mkg/standbyyou- during-covid-19 20
Simon Roe Product Manager - Appsec sro@outpost24.com Questions 21

Recommended

How to measure the business impact of web performance
How to measure the business impact of web performanceHow to measure the business impact of web performance
How to measure the business impact of web performance
SOASTA
 
Delivering react app with confidence: Testing Pyramid
Delivering react app with confidence: Testing PyramidDelivering react app with confidence: Testing Pyramid
Delivering react app with confidence: Testing Pyramid
Seven Peaks Speaks
 
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal ReadinessTis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
SOASTA
 
Shift left
Shift leftShift left
Shift left
penetration Tester
 
13 things your QA team wants you to know
13 things your QA team wants you to know13 things your QA team wants you to know
13 things your QA team wants you to know
Simon Papineau
 
6 Ways to Speed Up App Testing
6 Ways to Speed Up App Testing6 Ways to Speed Up App Testing
6 Ways to Speed Up App Testing
Perfecto by Perforce
 
Synthetic and rum webinar
Synthetic and rum webinarSynthetic and rum webinar
Synthetic and rum webinar
SOASTA
 
Testing In Production (TiP) Advances with Big Data & the Cloud
Testing In Production (TiP) Advances with Big Data & the CloudTesting In Production (TiP) Advances with Big Data & the Cloud
Testing In Production (TiP) Advances with Big Data & the Cloud
SOASTA
 

Recommended

How to measure the business impact of web performance
How to measure the business impact of web performanceHow to measure the business impact of web performance
How to measure the business impact of web performance
SOASTA
 
Delivering react app with confidence: Testing Pyramid
Delivering react app with confidence: Testing PyramidDelivering react app with confidence: Testing Pyramid
Delivering react app with confidence: Testing Pyramid
Seven Peaks Speaks
 
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal ReadinessTis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
SOASTA
 
Shift left
Shift leftShift left
Shift left
penetration Tester
 
13 things your QA team wants you to know
13 things your QA team wants you to know13 things your QA team wants you to know
13 things your QA team wants you to know
Simon Papineau
 
6 Ways to Speed Up App Testing
6 Ways to Speed Up App Testing6 Ways to Speed Up App Testing
6 Ways to Speed Up App Testing
Perfecto by Perforce
 
Synthetic and rum webinar
Synthetic and rum webinarSynthetic and rum webinar
Synthetic and rum webinar
SOASTA
 
Testing In Production (TiP) Advances with Big Data & the Cloud
Testing In Production (TiP) Advances with Big Data & the CloudTesting In Production (TiP) Advances with Big Data & the Cloud
Testing In Production (TiP) Advances with Big Data & the Cloud
SOASTA
 
SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA Webinar: Process Compression For Mobile App Dev 120612SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA
 
Sauce Labs Webinar: Rising Importance of Software Testing
Sauce Labs Webinar: Rising Importance of Software TestingSauce Labs Webinar: Rising Importance of Software Testing
Sauce Labs Webinar: Rising Importance of Software Testing
Sauce Labs
 
Boundary Conditions - Who Needs Agile?
Boundary Conditions - Who Needs Agile?Boundary Conditions - Who Needs Agile?
Boundary Conditions - Who Needs Agile?
John Carter
 
RecSysOps: Best Practices for Operating a Large-Scale Recommender System
RecSysOps: Best Practices for Operating a Large-Scale Recommender SystemRecSysOps: Best Practices for Operating a Large-Scale Recommender System
RecSysOps: Best Practices for Operating a Large-Scale Recommender System
Ehsan38
 
The Pothole of Automating Too Much
The Pothole of Automating Too MuchThe Pothole of Automating Too Much
The Pothole of Automating Too Much
TechWell
 
Ruminations from a construction site
Ruminations from a construction siteRuminations from a construction site
Ruminations from a construction site
Vedzen Institute
 
Delivering Excellent Digital Quality to Your Customers
Delivering Excellent Digital Quality to Your CustomersDelivering Excellent Digital Quality to Your Customers
Delivering Excellent Digital Quality to Your Customers
Applause
 
Tackling Strategic Engineering Challenges
Tackling Strategic Engineering ChallengesTackling Strategic Engineering Challenges
Tackling Strategic Engineering Challenges
Applause
 
7 steps to pragmatic mobile testing
7 steps to pragmatic mobile testing7 steps to pragmatic mobile testing
7 steps to pragmatic mobile testing
SOASTA
 
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
SOASTA
 
How, why, and the roi kcdc '21
How, why, and the roi kcdc '21How, why, and the roi kcdc '21
How, why, and the roi kcdc '21
Marcus Merrell
 
Final Report
Final ReportFinal Report
Final Report
Ellen Van
 
5 Keys to Your Best Automated Testing Strategy
5 Keys to Your Best Automated Testing Strategy5 Keys to Your Best Automated Testing Strategy
5 Keys to Your Best Automated Testing Strategy
SOASTA
 
AMC Networks Experiments Faster on the Server Side
AMC Networks Experiments Faster on the Server SideAMC Networks Experiments Faster on the Server Side
AMC Networks Experiments Faster on the Server Side
Optimizely
 
Final tips holiday readiness 2015 for slide share
Final tips holiday readiness 2015 for slide shareFinal tips holiday readiness 2015 for slide share
Final tips holiday readiness 2015 for slide share
SOASTA
 
How to Test the Internet of Everything
How to Test the Internet of EverythingHow to Test the Internet of Everything
How to Test the Internet of Everything
SQALab
 
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
Optimizely
 
Four best practices for performance testing mobile apps soasta and utopia
Four best practices for performance testing mobile apps soasta and utopiaFour best practices for performance testing mobile apps soasta and utopia
Four best practices for performance testing mobile apps soasta and utopia
SOASTA
 
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major EventsO'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
SOASTA
 
Nikos chaldeos testing stories
Nikos chaldeos testing storiesNikos chaldeos testing stories
Nikos chaldeos testing stories
NikosChaldeos
 
Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24
 
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24
 

More Related Content

What's hot

SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA Webinar: Process Compression For Mobile App Dev 120612SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA
 
RecSysOps: Best Practices for Operating a Large-Scale Recommender System
RecSysOps: Best Practices for Operating a Large-Scale Recommender SystemRecSysOps: Best Practices for Operating a Large-Scale Recommender System
RecSysOps: Best Practices for Operating a Large-Scale Recommender System
Ehsan38
 
The Pothole of Automating Too Much
The Pothole of Automating Too MuchThe Pothole of Automating Too Much
The Pothole of Automating Too Much
TechWell
 
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
SOASTA
 
Final Report
Final ReportFinal Report
Final Report
Ellen Van
 
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
Optimizely
 
Four best practices for performance testing mobile apps soasta and utopia
Four best practices for performance testing mobile apps soasta and utopiaFour best practices for performance testing mobile apps soasta and utopia
Four best practices for performance testing mobile apps soasta and utopia
SOASTA
 
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major EventsO'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
SOASTA
 

What's hot (20)

SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA Webinar: Process Compression For Mobile App Dev 120612SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA Webinar: Process Compression For Mobile App Dev 120612
 
Sauce Labs Webinar: Rising Importance of Software Testing
Sauce Labs Webinar: Rising Importance of Software TestingSauce Labs Webinar: Rising Importance of Software Testing
Sauce Labs Webinar: Rising Importance of Software Testing
 
Boundary Conditions - Who Needs Agile?
Boundary Conditions - Who Needs Agile?Boundary Conditions - Who Needs Agile?
Boundary Conditions - Who Needs Agile?
 
RecSysOps: Best Practices for Operating a Large-Scale Recommender System
RecSysOps: Best Practices for Operating a Large-Scale Recommender SystemRecSysOps: Best Practices for Operating a Large-Scale Recommender System
RecSysOps: Best Practices for Operating a Large-Scale Recommender System
 
The Pothole of Automating Too Much
The Pothole of Automating Too MuchThe Pothole of Automating Too Much
The Pothole of Automating Too Much
 
Ruminations from a construction site
Ruminations from a construction siteRuminations from a construction site
Ruminations from a construction site
 
Delivering Excellent Digital Quality to Your Customers
Delivering Excellent Digital Quality to Your CustomersDelivering Excellent Digital Quality to Your Customers
Delivering Excellent Digital Quality to Your Customers
 
Tackling Strategic Engineering Challenges
Tackling Strategic Engineering ChallengesTackling Strategic Engineering Challenges
Tackling Strategic Engineering Challenges
 
7 steps to pragmatic mobile testing
7 steps to pragmatic mobile testing7 steps to pragmatic mobile testing
7 steps to pragmatic mobile testing
 
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
Adopting Cloud Testing for Continuous Delivery, with the premier global provi...
 
How, why, and the roi kcdc '21
How, why, and the roi kcdc '21How, why, and the roi kcdc '21
How, why, and the roi kcdc '21
 
Final Report
Final ReportFinal Report
Final Report
 
5 Keys to Your Best Automated Testing Strategy
5 Keys to Your Best Automated Testing Strategy5 Keys to Your Best Automated Testing Strategy
5 Keys to Your Best Automated Testing Strategy
 
AMC Networks Experiments Faster on the Server Side
AMC Networks Experiments Faster on the Server SideAMC Networks Experiments Faster on the Server Side
AMC Networks Experiments Faster on the Server Side
 
Final tips holiday readiness 2015 for slide share
Final tips holiday readiness 2015 for slide shareFinal tips holiday readiness 2015 for slide share
Final tips holiday readiness 2015 for slide share
 
How to Test the Internet of Everything
How to Test the Internet of EverythingHow to Test the Internet of Everything
How to Test the Internet of Everything
 
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
How The Zebra Utilized Feature Experiments To Increase Carrier Card Engagemen...
 
Four best practices for performance testing mobile apps soasta and utopia
Four best practices for performance testing mobile apps soasta and utopiaFour best practices for performance testing mobile apps soasta and utopia
Four best practices for performance testing mobile apps soasta and utopia
 
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major EventsO'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
 
Nikos chaldeos testing stories
Nikos chaldeos testing storiesNikos chaldeos testing stories
Nikos chaldeos testing stories
 

Similar to Outpost24 webinar - Covid-19: Driving application security resilience in times of crisis

SbE - Requirements in an agile process
SbE - Requirements in an agile processSbE - Requirements in an agile process
SbE - Requirements in an agile process
Chris Schotanus
 
Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...
Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...
Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...
Lounge47
 
Rational Quality Manager
Rational Quality ManagerRational Quality Manager
Rational Quality Manager
Strongback Consulting
 
Agile in a Legacy World - Sonik Chopra
Agile in a Legacy World - Sonik ChopraAgile in a Legacy World - Sonik Chopra
Agile in a Legacy World - Sonik Chopra
AgileNCR2014
 
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal ReadinessTis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
SOASTA
 
Develop a Defect Prevention Strategy—or Else!
Develop a Defect Prevention Strategy—or Else!Develop a Defect Prevention Strategy—or Else!
Develop a Defect Prevention Strategy—or Else!
TechWell
 
InfinityQS_7 Habits of Quality Obsessed Manufacturers_Print final
InfinityQS_7 Habits of Quality Obsessed Manufacturers_Print finalInfinityQS_7 Habits of Quality Obsessed Manufacturers_Print final
InfinityQS_7 Habits of Quality Obsessed Manufacturers_Print final
Vanessa Stirling
 

Similar to Outpost24 webinar - Covid-19: Driving application security resilience in times of crisis (20)

Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...
 
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
 
Clover Rings Up Digital Growth to Drive Experimentation
Clover Rings Up Digital Growth to Drive ExperimentationClover Rings Up Digital Growth to Drive Experimentation
Clover Rings Up Digital Growth to Drive Experimentation
 
SbE - Requirements in an agile process
SbE - Requirements in an agile processSbE - Requirements in an agile process
SbE - Requirements in an agile process
 
Owasp LA
Owasp LAOwasp LA
Owasp LA
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and Countermeasures
 
3. introduction to software testing
3. introduction to software testing3. introduction to software testing
3. introduction to software testing
 
Top 10 Benefits of Crowd Testing
Top 10 Benefits of Crowd TestingTop 10 Benefits of Crowd Testing
Top 10 Benefits of Crowd Testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
How to build confidence in your release cycle
How to build confidence in your release cycleHow to build confidence in your release cycle
How to build confidence in your release cycle
 
Agile Methods: Fact or Fiction
Agile Methods: Fact or FictionAgile Methods: Fact or Fiction
Agile Methods: Fact or Fiction
 
Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...
Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...
Vivint Wireless How to De-Risk a New Venture & Build a Better ISP - Luke L...
 
Rational Quality Manager
Rational Quality ManagerRational Quality Manager
Rational Quality Manager
 
Bugday bkk-2014 nitisak-auto_perf
Bugday bkk-2014 nitisak-auto_perfBugday bkk-2014 nitisak-auto_perf
Bugday bkk-2014 nitisak-auto_perf
 
Agile in a Legacy World - Sonik Chopra
Agile in a Legacy World - Sonik ChopraAgile in a Legacy World - Sonik Chopra
Agile in a Legacy World - Sonik Chopra
 
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal ReadinessTis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
Tis The Season: Load Testing Tips and Checklist for Retail Seasonal Readiness
 
Develop a Defect Prevention Strategy—or Else!
Develop a Defect Prevention Strategy—or Else!Develop a Defect Prevention Strategy—or Else!
Develop a Defect Prevention Strategy—or Else!
 
InfinityQS_7 Habits of Quality Obsessed Manufacturers_Print final
InfinityQS_7 Habits of Quality Obsessed Manufacturers_Print finalInfinityQS_7 Habits of Quality Obsessed Manufacturers_Print final
InfinityQS_7 Habits of Quality Obsessed Manufacturers_Print final
 
Automation and Technical Debt
Automation and Technical DebtAutomation and Technical Debt
Automation and Technical Debt
 
Anton Muzhailo - Practical Test Process Improvement using ISTQB
Anton Muzhailo - Practical Test Process Improvement using ISTQBAnton Muzhailo - Practical Test Process Improvement using ISTQB
Anton Muzhailo - Practical Test Process Improvement using ISTQB
 

More from Outpost24

More from Outpost24 (20)

Outpost24 webinar - A fresh look into the underground card shop ecosystem
Outpost24 webinar - A fresh look into the underground card shop ecosystemOutpost24 webinar - A fresh look into the underground card shop ecosystem
Outpost24 webinar - A fresh look into the underground card shop ecosystem
 
Outpost24 webinar Why API security matters and how to get it right.pdf
Outpost24 webinar Why API security matters and how to get it right.pdfOutpost24 webinar Why API security matters and how to get it right.pdf
Outpost24 webinar Why API security matters and how to get it right.pdf
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
 
Outpost24 Webinar - Five steps to build a killer Application Security Program
Outpost24 Webinar - Five steps to build a killer Application Security ProgramOutpost24 Webinar - Five steps to build a killer Application Security Program
Outpost24 Webinar - Five steps to build a killer Application Security Program
 
Outpost24 webinar - How to protect your organization from credential theft
Outpost24 webinar - How to protect your organization from credential theftOutpost24 webinar - How to protect your organization from credential theft
Outpost24 webinar - How to protect your organization from credential theft
 
Outpost24 webinar : Beating hackers at their own game 2022 predictions
Outpost24 webinar : Beating hackers at their own game 2022 predictionsOutpost24 webinar : Beating hackers at their own game 2022 predictions
Outpost24 webinar : Beating hackers at their own game 2022 predictions
 
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
 
Outpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface management
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
 
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api security
 
Outpost24 Webinar - CISO conversation behind the cyber security technology
Outpost24 Webinar - CISO conversation behind the cyber security technologyOutpost24 Webinar - CISO conversation behind the cyber security technology
Outpost24 Webinar - CISO conversation behind the cyber security technology
 
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
 
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
 
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
 
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
 
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
 
Outpost24 webinar mastering container security in modern day dev ops
Outpost24 webinar mastering container security in modern day dev opsOutpost24 webinar mastering container security in modern day dev ops
Outpost24 webinar mastering container security in modern day dev ops
 

Recently uploaded

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
anilsa9823
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 

Recently uploaded (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 

Outpost24 webinar - Covid-19: Driving application security resilience in times of crisis

  • 1. Creating application security resilience during the pandemic Covid-19 webinar Simon Roe, Product Manager May 13, 2020
  • 2. 2 Covid-19 changed the world as we know it
  • 3. Lockdown – Changing the way we live and work 3
  • 4. 4 8.4bn The number of records exposed in Q1 2020 273% increase from 2019 Mostly from the web The Covid-19 ripple effect
  • 5. Launch now, test later? • Web application is the #1 attack vector for data breach • 44% of organizations don't test the security of their web apps before launch • Knowing your security posture is more important than ever 5
  • 6. 6 Cyber hygiene is your best defense • Yes. The benefits gained are very valuable • Find the backdoors – or things your automated tools miss • Risk prioritisation • Improve detection and alerting (OWASP top 10 2017 A10) • Validate your controls • Comply with local, national and international regulations • It helps fill in the blanks from your automated scanning
  • 7. The old Pen test in the current climate 7
  • 8. 8 This is what you think you pay for A 10 day total Penetration test at an agreed ‘Day rate’ ($750-$1,000+) Test Application (10 Days / $7,500) $$
  • 9. But what about these costs 9 Appoint company, negotiate contract (5 days / $2,500)Tender (2 days / $1000) Scope, agree start date (2 Days/ $1,000) Your 10 day test is really 15 – 20 days Upfront cost + Test Application (10 + 9 = 19 Days / $12,000) + $4,500 $$$$ + 9 days The day rate of your in house staff ($500)
  • 10. Wait, there’s even more costs 10 Review the report (3 days / $1,500) Create remediation issues ( 2 days / $1,000) A 10 day test, is likely 8 days testing, with 1 day report writing and 1 day hand over and maybe some delays thrown in during testing Remediate – (10+ day /$5,000) Upfront cost + Test Application (19 – 2 = 17 Days / but the cost is still $12,000) $$$$$$ Adding another 15+ days and $7,500 = potentially $19,500!!
  • 11. 11 $$ $$$$ $$$$$$ • Go to tender • Find your supplier • Scope out the app • Negotiate the contract • Review the findings • Add them to your issue tracking / backlog • Remediate The real cost of that $750/day test
  • 13. 13 • Delays happen when you are not ready for the testers • Testing can impact production, leading to a rescope and loss of time • Wait for the report to be written • Your ‘10 day test’ probably results in 5 days of manual testing effort You don’t get what you pay for
  • 14. 14 It costs you more money and delivery less value • You think of the ‘test’ as a number of ‘Man days’. It’s a false economy. You miss all the other costs before and after the test • Your test is likely 50% automation with some review of findings, a day for the reports and a day for the hand over • You cannot work on remediation until the test finishes (delays) and you have been given the report • Likely you will be juggling false positives, subjective findings and have no real way to query or clarify the issues • You cannot easily verify that your development teams have fixed the issues reported And yet you still do it
  • 15. Changing the way you test apps 15
  • 16. 16 • Next Gen Appsec program • Annual contracts • Pool of testing, requested on demand • Zero false positives • Findings posted to UI available for remediation during testing • Direct access to the analysts • Ability to request verification of remediation activities • Customers save time & money whilst being able to request testing that suits their timelines and SDLC processes Next Gen Appsec program
  • 17. 17 • 365 monitoring • Daily assessments • Regular manual assessment • Findings presented as soon as they are assessed Continuous assessment for Critical Applications
  • 18. 18 • Like major streaming TV stations : you tell us when you want to consume a license • Fixed fee – know upfront the cost • Up to thirty days of manual testing and remediation advice • No false positives On demand for everything else
  • 19. 19 Old vs New Build application security resilience Old : hidden costs per test New: fixed upfront cost Old: You test when you can, and pause your Dev. New: Test continuously, or on demand, as part of the Dev process Old: you remediate long after the test has finished New: you remediate whilst the test is still ongoing $$
  • 20. #StandByYou during Covid-19 Talk to us to find out how to take advantage of our security testing offers to maintain your cyber hygiene https://marketing.outpost2 4.com/mkg/standbyyou- during-covid-19 20
  • 21. Simon Roe Product Manager - Appsec sro@outpost24.com Questions 21