Many organizations think they're doing software security testing correctly, but they're not. In fact, they often miss a fundamental step and jump straight to vulnerability scanning. Scanning is useful, but most of the important issues are found by humans, explains Ted Harrington, Infosec Skills instructor and best-selling author of "Hackable: How to Do Application Security Right." Harrington shares a real-world example of how his team combined two issues to provide a devastating attack.
0:00 - Why organizations do testing wrong
0:31 - Vulnerability scanning misses a fundamental step
1:18 - Advance tactics largely cannot be automated
1:43 - Real-world chaining exploits example
3:40 - Only humans can find these nuanced security issues
– Watch the full webcast: https://www.youtube.com/watch?v=hYL0Mk1tCqs
– Download Ted's free ebook, “How to secure your software faster and better": https://www.infosecinstitute.com/form/secure-software-ted-harrington-ebook/
– Read Ted's article on ethical hacking: https://resources.infosecinstitute.com/topic/the-7-steps-of-ethical-hacking/
About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
3 Comments