
Robyn Lundin -- Planning & organizing a penetration test as an AppSec team
The Application Security Podcast
Pen Testing - How Does It Fit Into the Secure Development Lifecycle?
Pen testing should really be on the tail end of your secure development lifecycle. When I was doing application pentesting for NCC Group, typically I would start with just using that app as if I was a normal user and seeing, like, what's here? And then intercepting all those requests and looking at the APIs that are under the surface. Even just walking through as a normal user, you know, there will be secrets exposed in an API request that no one thinks that you can see. That would be step one. And then from there, it would be: how would I abuse this if I were a malicious person?