Starting a Twitter #infosec thread here! I have my opinion but want to get community input.
For mature organizations (i.e. @Netflix) practicing #DevSecOps, agile app sec, IaC, microservices, #shiftleft, <insert here>, where do traditional pentests fit within the pipeline?
Pentests are scheduled based on risk and legal obligations. Threat modeling, design choices, functional changes, etc. all determine when and how often to pentest, which for most apps spans from never to multiple times a year.
Apr 24, 2019 · 10:49 AM UTC