Pentesting in DevOps: A How-To Guide eBook

Pentesting & DevOps: From Gatekeeper to Enabler 

This guidebook aims to outline how security teams can transform pentesting from a development blocker into a value-adding program that provides periodic feedback. It explores the following:

  • What on-demand pentesting is and how it can lead to more timely vulnerability findings
  • The value pentesting can bring to engineering teams with different levels of DevOps maturity
  • Which pentesting models can improve communication between security, engineering and pentesting teams

Try to fit a pentest into a 24-hour development sprint and you may find yourself multiple iterations behind by the time vulnerability findings come back. 

Larry Maccherone, DevSecOps transformation lead at Comcast, and Caroline Wong, Chief Strategy Officer at, share insights on how pentesting needs to evolve to fit within DevOps. They explore the role pentesting has in agile development, what challenges currently come with it and what the potential solutions are. In addition, they take a look at how teams can streamline their workflows through changes in mindset, communication and remediation efforts.

What are the key takeaways?

  • On-demand pentesting enables shorter setup times
  • Pentest as a Service platforms help security, engineering and testers communicate more effectively 
  • Smaller and more frequent tests boost remediation and inform secure development
