Episodes

  • Vulnerability Deep Dive: Access Control Issues
    2024/12/02

    In the second of the Let's Talk Security Testing vulnerability deep dive episodes, Ben and Tom explore access control issues. They explore:

    • What are access control issues & practical examples
    • How to identify access control issues
    • How to prevent, find and fix them
    17 min
  • Depth vs Coverage in Security Testing
    2024/11/18

    Has the cyber security industry been ... lying to us? Do scanners provide the coverage whilst penetration tests provide the depth? Ben and Tom peel back the lid on this narrative to see if this is really the case...

    15 min
  • Vulnerability Deep Dive: Business Logic Flaws
    2024/11/04

    In this first-of-its-type episode of Let's Talk Security Testing, Ben and Tom dive exclusively into a single vulnerability class: business logic flaws.

    They discuss:

    • How business logic flaws are created
    • Where they're typically found
    • Why they're unique
    • Ways to optimise testing processes to find them more easily

    24 min
  • How to Build an Internal Security Testing Team
    2024/10/21

    Tom and Ben discuss:

    • Determining the need for an internal pentesting team
    • Setting up the team
    • Key processes that lead to success

    18 min
  • Where Do Vulnerabilities Come From?
    2024/10/07

    Ben and Tom discuss:

    • The 3 primary sources of vulnerability creation
    • A comparison of defensive cyber security approaches
    • Challenges of root cause analysis
    25 min
  • Why Context Matters In Security Testing
    2024/09/23

    Join Ben and Tom in discussing:

    • What do we mean by context in security testing?
    • The reality of context in security testing
    • Barriers to achieving context in security testing and how to overcome them
    17 min
  • How to Run an Enterprise Security Testing Programme
    2024/09/09

    Ben and Tom share strategy options, how this translates to operations and resourcing, and what output to expect from an enterprise testing programme.

    26 min
  • A Cyber Security Engineer and a Vendor Meet in A Podcast Studio...
    2024/08/26

    In episode 6 of Let's Talk Security Testing, we welcome our first guest to the studio, Senior Security Engineer, Christine Smoley.

    Tom and Christine have an honest conversation on the cyber security vendor landscape, how vendors can make things easier in the buying process, and shared experiences in dealing with challenges of coordinating a security testing team.

    27 min