Testing Ask Me Anything – Security Testing with Saskia Coplans

Later today @testerfromleic hosts an Ask Me Anything with the excellent @saskia on Security Testing.

There’ll be a brilliant set of questions and typically we won’t get time for them all to be answered. However, we’ll add any questions we didn’t get to on this thread for Saskia to answer. Plus I’ll share links to all the things shared. :ninja_red: :ninja_blue: :ninja_purple:

And feel free to continue the conversation, this thread is a good place to do that. Share resources and follow up with success stories from your learnings! :trophy:

A recording of the Ask Me Anything will be made available. Look out for it on the Ask Me Anything Page in the coming days. :movie_camera:

Questions that were answered

  • How do I get started with Security Testing as in (a) learning resources, (b) easy things to start testing for, and (c) understanding the bigger picture of security?
  • Would you mind sharing how the OWASP Top Ten helps you when planning your security testing efforts?
  • How do you convince leadership/management to take security risks seriously when they are prioritising other risks?
  • For someone with no specific knowledge of security testing, what would be the top 3 things to test in the early stages?
  • Are the open source tools as good as the commercial tools and how often should the scan be run? Probably build it into the CI/CD pipeline?
  • Security has a lot of different things to test/verify. In your opinion, is it better for the whole team to know how to check a few things, or to have a few people dedicated to thorough security testing?
  • Whilst there are things that only a dedicated security tester can do, like pen testing, what low-hanging fruit could we non-security testers pick to help?
  • What’s the biggest security testing horror story you are comfortable sharing?
  • This may naturally come up, but how did you get into security testing? Did you do other testing and migrate over? Do other security and move to more testing? Something else?

Useful links shared

https://www.rexscan.com/

https://twitter.com/TheTestDoctor

https://manchestergreyhats.co.uk/

https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html#draw-attack-vectors-and-attacks-tree

https://attack.mitre.org/

https://www.ministryoftesting.com/dojo/lessons/threat-modelling-how-software-survives-in-a-hacker-s-universe-saskia-coplans?s_id=12259588

https://www.ministryoftesting.com/dojo/lessons/unmasking-security-seeing-through-the-eyes-of-an-attacker-saskia-coplans?s_id=12259588

https://twitter.com/adamshostack

What is Threat Modelling? – Threat Modeling Resources from Shostack + Associates
Elevation of Privilege (EoP) Threat Modeling Cards – Agile Stationery.

Simon Bennetts https://twitter.com/psiinon

Context Driven Security - Bill Matthews https://www.ministryoftesting.com/dojo/lessons/context-driven-security-bill-matthews?s_id=12259644

https://labs.f-secure.com/tools/drozer/

The Wheels on the Bus Go Fail, Fail, Fail - Yong Yuen He and Daniel Smart
https://www.ministryoftesting.com/dojo/lessons/the-wheels-on-the-bus-go-fail-fail-fail-yong-yuen-he-and-daniel-smart?s_id=12259685

https://twitter.com/ms__chief

Digital Interruption https://www.digitalinterruption.com/

Giggle; laughable security | Digital Interruption Research

https://www.hackerone.com/

Jay Harris on Twitter https://twitter.com/JayHarris_Sec

Questions that weren’t answered during the AMA (to be answered here)

  • Do automation testers need security testing skills?

A nice add-on is also the OWASP Top 10 API Security; since we do a lot of API testing, it could be useful!