I’ve been doing some conference talks here in New Zealand and in Australia about removing the common misunderstandings and roadblocks I see defenders and engineering teams have working with external penetration testers and getting these teams working tighter.
James and Dan asked me if I'd like to have a bit of a more general chat about penetration testing with a bit of a QA focus, and I was happy to oblige (Show link).
Generally on the show we cover off:
What do you mean by penetration testing? What should it cover?
Can I do it myself? What is the advantage of an external pen tester?
What should I do to prepare / make the best of a penetration test?
What kind of things can I do to support our external security testers? Especially how do we handover the right context?
I want to learn more about penetration testing or become a pen tester, where do I turn?
How to choose a penetration testing company, should you use the same one every time or rotate?
How do you build a productive long-term relationship with your external penetration testers?
I hope you all enjoy the show and that it helps you understand penetration testing and gives you some ideas as to how you can work tighter with penetration testers.
As always, you're welcome to send me an e-mail or chat to me on Twitter (@SparkleOps) if you have ideas you'd like to share or feedback.