How a Scientific Approach Can Save Security Testing – David Hunt – ESW #301
If you’ve ever worked on a red or purple team, you know scaling engagements to production is an intensive, unwieldy process. Technology pitfalls may exist, but the fundamental problem is this: the process of writing, testing, deploying, and verifying the efficacy of TTPs is highly flawed and inconsistent.
This conversation will focus on applying a scientific process to security testing in order to achieve production scale.
Segment Resources:
Prelude Build GitHub: https://github.com/preludeorg/build
Prelude Docs: https://docs.prelude.org/docs
Introducing Prelude Build: An Open Source IDE Purpose Built for Security Engineers: https://www.preludesecurity.com/blog/introducing-prelude-build-an-ide-purpose-built-for-security-engineers
A Practical Guide for Scaling Continuous Security Testing: https://www.preludesecurity.com/blog/scaled-security-testing-a-practical-guide
Prelude Build: https://www.preludesecurity.com/products/build
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Guest
David leads the engineering effort at Prelude as CTO. Before Prelude, he led the team that built MITRE CALDERA. He has spent his career analyzing security across countless industries, including enterprise, aerospace, and OT.
