This guidebook aims to outline how security teams can transform pentesting from a development blocker into a value-adding program that provides periodic feedback. It explores the following:
Try to fit a pentest into a 24-hour development sprint and you may find yourself multiple iterations behind by the time vulnerability findings come back.
Larry Maccherone, DevSecOps transformation lead at Comcast, and Caroline Wong, Chief Strategy Officer at Cobalt.io, share insights on how pentesting needs to evolve to fit within DevOps. They explore the role of pentesting in agile development, the challenges that currently come with it, and the potential solutions. They also look at how teams can streamline their workflows through changes in mindset, communication and remediation efforts.