Aug 3, 2020

Man vs. Machine: Three-Part Virtual Series on the Human Element of AppSec

By Meaghan McBee

In 2011 when IBM’s Watson supercomputer went up against ‘Jeopardy’ icon Ken Jennings, the world watched as a battle of man vs. machine concluded in an impressive win for Watson. It wasn’t simply remarkable that Watson could complete calculations and source documents quickly; the real feat was the brainpower it took to create fine-tuned software with the ability to comprehend questions contextually and think like a human.

But Watson wasn’t without fault, struggling to understand some ‘Jeopardy’ categories that were a little too specific and reminding us that human beings still play a critical role in the successes (or failures) of modern technology. In application security (AppSec), there is no single set-it-and-forget-it solution that will ensure the health and fortitude of your code. Like Watson, the software can’t operate to its fullest potential without the right brainpower behind it, requiring thoughtful minds to understand where solutions plug in and to check code in ways that software cannot.  

The human element of ingenuity

Automation in AppSec testing tools is a prime example. It plays a critical role in scaling security operations and scanning for vulnerabilities to find them before they become expensive headaches. While that undoubtedly boosts efficiency and speed in the background, there’s a human element of ingenuity and adaptability that you can’t ignore: cyberattackers. They pivot quickly to crack your code whether you automate or not, which means your developers and security professionals need to be just as agile and close knowledge gaps to stay one step ahead as they leverage the right testing tools in the background. 

And while having a full range of scanning solutions integrated into your software development process will help you find and fix common flaws, Manual Penetration Testing (MPT) is crucial for uncovering categories of vulnerabilities - like business logic flaws - whose discovery you can’t automate with software. The bottom line: man and machine need to work together in AppSec, because, like Watson, it takes a village of brainpower to come out on top.

There’s a lot to explore in the realm of man vs. machine, which is why we’re excited to partner with HackerOne for upcoming virtual events that uncover the ways you can work with technology, not against it. In this three-part series, we’re delving into topics like crowdsourced testing and automation to examine how you can strike the balance between capable software solutions and human-powered security. Here’s the lineup:

Part One | Man with Machine: Adapting SDLC for DevSecOps

To keep pace with modern software development, DevOps must work continuously to deliver applications to various infrastructure environments, automatically pushing code changes as they arise. Traditional security practices bog down development, frustrating development teams and causing unnecessary friction. This talk will cover the ways development and security teams can work together with automation and human-powered security at the speed of innovation. Join Veracode’s Chris Kirsch and Chris Wysopal as they chat with HackerOne’s CTO and Co-Founder Alex Rice to learn:

  • How security and development teams can partner to create a continuous feedback loop without hampering innovation.
  • How security becomes a competitive advantage through balancing speed with risk.
  • How to engage a diverse and creative pool of talent not available in traditional firms to test business-critical applications.

When: August 19th at 1:00 PM EST. Register here.

Part Two | Hacking Remote: Leveraging Automation and Crowdsourced Testing to Secure Your Enterprise  

As the world reacts to a global pandemic and the work-from-home model becomes the norm, people are more broadly distributed, and applications, systems, and infrastructures are more vulnerable than ever as a result. In this talk, we’ll discuss the undue strain put on security teams and delve into how leveraging automation and crowdsourced security testing allows your enterprise to scale security to accommodate their newly dispersed workforce. Join HackerOne’s Director of Product Marketing April Rassa and Director of Product Miju Han, along with Veracode’s Brittany O’Shea, to learn:

  • How to implement a security program with the scale necessary to cover a growing attack surface.
  • How to operate security at scale while reducing costs and removing the need for expensive headcount.
  • Trends and insights into the vulnerabilities impacting companies during a time of increased digital connectivity.

When: August 26th at 1:00 PM EST. Register here.

Part Three | Who Will Win the Fight of Automation?

In this talk, security leaders from Veracode and HackerOne will debate the unique values man and machine bring and discuss why companies need a complete security strategy that takes into account both the strengths of scale and speed technology can provide and the need for creative skills and adaptability only humans can bring. Join this talk with Tanner Emek and Johnny Nipper, two hackers from HackerOne, along with Veracode’s Ryan O’Boyle to learn:

  • The differences in vulnerabilities found by hackers vs. automated tools.
  • Suggestions for augmenting existing security best practices with a human touch.
  • When to choose between automation and human-powered security for your organization. 

When: September 2nd at 1:00 PM EST. Register here.

Armed with the right knowledge and tools, creating a well-rounded AppSec program that relies both on technology and human brainpower isn’t as daunting as it may seem. Join these virtual sessions by registering to gain more insight into the ways man and machine can work with – not against – each other on the journey to enhanced security. We hope to see you there! 


Meaghan McBee is a Senior Content Marketing Manager at Veracode, responsible for creating content around best practices in application security and the current state of DevSecOps.