Measuring and Maximizing Crowdsourced Vulnerability Discovery

[presentation]

Mike Shema

STARWEST 2018

Summary:

There are many crowdsourcing vulnerability discovery techniques available today, making it difficult for testers to choose an approach that finds important vulnerabilities while offering the best bang for the buck. Join Mike Shema as he shares several years of real-world data that will help you understand the different discovery techniques, such as bug bounty programs and scanners, and the best time to use each technique. Mike also will discuss how your approach may change according to your lifecycle, and ways to think about integrating security within that process. You'll see how metrics play a pivotal role in determining where to focus your time in order to work as efficiently as possible while achieving the best results. Learn three key measures that help drive risk-based decisions while balancing your team’s efforts with the stakeholders’ need for information. You'll leave with new strategies to better use the power of crowdsourcing to find and fix important vulnerabilities in your systems.

File:

Tags:

About the Presenter

Mike Shema is Vice President of SecOps and Research at Cobalt.io. Mike's experience with information security includes managing product security teams, building web application scanners, and consulting across a range of information security topics but that’s for work. For fun he writes books and blog posts about information security, with an infusion of references to music, sci-fi, and horror to keep the topics entertaining. His books include Anti-Hacker Tool Kit and Hacking Web Apps. He has taught hacking classes and presented research at conferences around the world. Passionate about this fascinating topic, he can be also followed on Twitter.

Upcoming Events

Apr 27	STAREAST Software Testing Conference in Orlando & Online
Jun 08	AI Con USA An Intelligence-Driven Future
Sep 21	STARWEST Software Testing Conference in Anaheim & Online

Recommended Web Seminars

Dec 05	Unlocking the Future of Testing: How AI is Revolutionizing Software Quality
On Demand	Building Confidence in Your Automation
On Demand	Leveraging Open Source Tools for DevSecOps
On Demand	Five Reasons Why Agile Isn't Working
On Demand	Building a Stellar Team

See All

Featured Resources

DevOps Continuous Delivery | TechWell

Open Source Testing Tools eGuide | TechWell

DevSecOps eGuide | TechWell

AI and the Future of Testing eGuide | TechWell

Testing in DevOps eGuide | TechWell

Visit Our Other Communities

Bringing you today’s best agile ideas and thought-leaders with how-to advice on the latest agile development & methodology practices.

The home for software testing and QA professionals—practical advice on test automation, test management, test techniques, and more.