Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testin...
Your attack surface is bigger and more unknown than you think. Learn how modern environments (cloud, SaaS, identity) are reshaping risk, and how to prioritize what actually matters. Thank you to our sponsor for this webcast, Axonius! If you don’t know what assets you have, you don’t know your risk. Learn how to fix it at https://scworld.com/webcas...
Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve the tools and processes that make it more difficult for attacks to succeed. Gwyddon "Data" Owen shares his experience building a red team, creating an exercise, and leveraging the...
In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include: Shodan | Passive recon — query existing scan data for exposed devices, services, and vulns | Passive (API) | Instant (no packets sent...
So much of appsec’s efforts can be consumed by vuln management and a race to patch security flaws. But that’s more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind proactive security, why the concept sounds familiar to secure by design, and why organizations still struggle with creating effecti...
Founded in 2020, Escape's platform utilizes AI agents to simulate attacker behavior, identifying vulnerabilities in live environments that stem from application logic, configuration, and integrations post-deployment.
A new report from Corporation Service Co. (CSC) reveals that 67% of Global 2000 companies have implemented fewer than half of recommended domain security measures.