Let's Talk Security Testing | Podcast en RSS.com

Let's Talk Security Testing

Let's Talk Security Testing

por Ben Armstrong, Thomas Ballin

Temporada 4

What the hell happened to PTaaS?

In this episode of Let’s Talk Security Testing, we revisit PTaaS (Pen Testing as a Service) — a buzzword that never quite settled on a definition. Was it just pen testing with a portal? Continuous testing? Cheaper delivery? We break down what PTaaS was meant to be, how it evolved, and why it seems to have faded, without ever being clearly defined.

Did Anthropic Just Solve AppSec?

Anthropic recently announced a new code analysis capability that’s sparked a lot of discussion across the AppSec community. In this episode of Let’s Talk Security Testing, we break down what the announcement actually means for application security teams, whether it represents real progress or just another wave of industry hype. We also dive into one of the hardest problems in security testing - business logic flaws, and discuss whether tools can realistically detect them. Finally, we play a game: build an AppSec programme with only $10, exploring the trade-offs security teams face when budgets are limited.

The AppSec Reality Check with NCC Group

AI is reshaping how software is built. But is it reshaping how it’s secured? In this episode, we’re joined by NCC Group to explore what’s really happening across the AppSec landscape. From AI adoption in development workflows to the rise of AI-driven pentesting tools, we unpack what’s progressing, and what’s still marketing. We cover: The reality of AI in modern development pipelines The current maturity of AI-powered pentesting How buyer expectations are shifting Whether pentesting is evolving or simply being rebranded For CISOs, Heads of AppSec, and security leaders trying to make sense of the noise, this is the grounded perspective you need.

Temporada 3

The Reality of Agentic Application Security

Agentic AI is the latest shift in application security, but how much of it is delivering real results? In this episode, we break down: - What “agentic” really means in AppSec - Where agentic workflows are genuinely adding value - The limits of automation, and where human expertise still leads - How enterprises are adopting it without overcommitting If you’re trying to separate practical capability from future promise in AI-driven security, this one’s for you!

Is AI Pentesting Just DAST in Disguise?

Is AI Pentesting Just DAST in Disguise? 🤖💥 Everyone’s talking about AI-powered pentesting - but is it actually useful, or just dressed-up DAST? In this episode, we dig into: - What AI tools really test (and what they miss) - Why they sometimes look better than they are - Hallucinations, pricing, and trust - How they compare to micro pen tests and manual reviews If you’re trying to make sense of AI in security testing, this one’s for you.

Does CAB Still Belong in Modern DevSecOps?

In Season 2, Episode 9, we ask a big question: does the Change Advisory Board (CAB) still have a place in today’s fast-moving DevSecOps world? Traditionally seen as a gatekeeper for risk, CABs are often accused of slowing things down, blocking innovation, and creating more process than value. But can AI shift the role of CAB from bottleneck to enabler? We explore what a modern, AI-assisted CAB could look like, and whether change governance can finally move at the speed of development.

Is Vibe Coding a Developer Superpower or a Security Risk?

In Season 2, Episode 8, we throw planning out the window and build a web app purely on vibes. No specs, no structure, just straight-up code. Then, we do what any responsible team would do... we try to hack it. In this live pen testing session, we explore what happens when code is written without rules, and whether security still holds up under pressure.

Who Wins at Threat Modelling: AI or a Real Hacker?

In Season 2, Episode 7, we put human intuition to the test against machine precision. As AI tools become more embedded in secure design workflows, we ask the big question: can AI threat model as well as a real human? We pit a seasoned pentester against our own AI tool in a live challenge, and the results might surprise you. 👉 Try the tool for yourself: https://www.cytix.io/change-analysis-tool

Can AI Replace Pentesters?

In Episode 6, Season 2, we unpack the explosive growth of AI and ask the critical question: could AI ever replace human pentesters? Subscribe to keep up to date with all new episodes, released every 2 weeks!

Hack it or Track it: The Hunt for Cyber Vulnerabilities

In Episode 5, Season 2, we dive into vulnerabilities and their detection methods, from automated scanners to human-led pen testing. Plus, we put our skills to the test in Hack it or Track it, where we break down real vulnerabilities, discussing how we’d exploit them and how we’d detect them before attackers do. Subscribe to keep up to date with all new episodes, released every 2 weeks!

1 de 4