
Let's Talk Security Testing

Author: Ben Armstrong, Thomas Ballin


Description

Your hosts, cyber tech founders Ben Armstrong and Thomas Ballin, have been increasingly frustrated with security testing's archaic approach. So they set about solving the problems they encountered themselves and created the Cytix platform.

In the same spirit, they're bottling these thoughts, experiences and anecdotes into honest and transparent 30-minute sessions to open up the discussions with you.

Let's Talk Security Testing is a podcast to challenge norms in cyber security testing for industry thought leaders ready to take on a new approach.

29 Episodes
In Season 2, Episode 9, we ask a big question: does the Change Advisory Board (CAB) still have a place in today’s fast-moving DevSecOps world? Traditionally seen as a gatekeeper for risk, CABs are often accused of slowing things down, blocking innovation, and creating more process than value. But can AI shift the role of CAB from bottleneck to enabler? We explore what a modern, AI-assisted CAB could look like, and whether change governance can finally move at the speed of development.
In Season 2, Episode 8, we throw planning out the window and build a web app purely on vibes. No specs, no structure, just straight-up code. Then, we do what any responsible team would do... we try to hack it. In this live pen testing session, we explore what happens when code is written without rules, and whether security still holds up under pressure.
In Season 2, Episode 7, we put human intuition to the test against machine precision. As AI tools become more embedded in secure design workflows, we ask the big question: can AI threat model as well as a real human? We pit a seasoned pentester against our own AI tool in a live challenge, and the results might surprise you. 👉 Try the tool for yourself: https://www.cytix.io/change-analysis-tool
In Episode 6, Season 2, we unpack the explosive growth of AI and ask the critical question: could AI ever replace human pentesters? Subscribe to keep up to date with all new episodes, released every 2 weeks!
In Episode 5, Season 2, we dive into vulnerabilities and their detection methods, from automated scanners to human-led pen testing. Plus, we put our skills to the test in Hack it or Track it, where we break down real vulnerabilities, discussing how we’d exploit them and how we’d detect them before attackers do. Subscribe to keep up to date with all new episodes, released every 2 weeks!
In episode 4 season 2, explore the innovative world of Micro Pen-Tests - a targeted, bite-sized approach to security testing that stems from threat modelling and development changes. Subscribe to keep up to date with all new episodes - released every 2 weeks!
In episode 3 season 2, explore the power of Threat Modelling in security testing and how it helps organisations predict, identify, and mitigate cyber risks before they become real threats. Subscribe to keep up to date with all new episodes - released every 2 weeks!
In episode 2, season 2 of Let's Talk Security Testing, we continue the conversation on the widely debated topic of 'what can security learn from quality control'. Subscribe to keep up to date with all new episodes - released every 2 weeks!
In episode 1 of season 2, explore techniques for using Jira tickets to enhance the effectiveness of your pentesting efforts, meaning you can threat model your change tickets and prioritise your testing strategy. Subscribe to keep up to date with all new episodes - released every 2 weeks!
In the second of the Let's Talk Security Testing vulnerability deep dive episodes, Ben and Tom explore access control issues. They explore: - What are access control issues & practical examples - How to identify access control issues - How to prevent, find and fix them
Has the cyber security industry been ... lying to us? Do scanners provide the coverage whilst penetration tests provide the depth? Ben and Tom peel back the lid on this narrative to see if this is really the case...
In this first-of-its-type episode of Let's Talk Security Testing, Ben and Tom dive exclusively into one vulnerability: business logic flaws. They discuss: - How business logic flaws are created - Where they're typically found - Why they're unique - Ways to optimise testing processes to find them more easily
Tom and Ben discuss: - Determining the need for an internal pentesting team - Setting up the team - Key processes that lead to success
Ben and Tom discuss: - The 3 primary sources of vulnerability creation - A comparison of defensive cyber security approaches - Challenges of root cause analysis
Join Ben and Tom in discussing: - What do we mean by context in security testing? - The reality of context in security testing - Barriers to achieving context in security testing and how to overcome them
Ben and Tom share strategy options, how this translates to operations and resourcing, and what output to expect from an enterprise testing programme.
In episode 6 of Let's Talk Security Testing, we welcome our first guest to the studio, Senior Security Engineer, Christine Smoley. Tom and Christine have an honest conversation on the cyber security vendor landscape, how vendors can make things easier in the buying process, and shared experiences in dealing with challenges of coordinating a security testing team.
In this episode of Let's Talk Security Testing we cover: - Why LLMs are popular across working teams in general - How this can be applied for security testing - Myth busting LLM capabilities and security concerns
Tom and Ben break down what scalable really means, the practicalities this equates to, common challenges and tips & experiences on how to apply this yourself.
Penetration tests are expensive and hugely important to a company's cyber security. We discuss ways to make sure tests are set up for success in the most effective and efficient way.