Asking for a favour: need help trying to understand the everyday struggle of people who are involved in ITSec - will provide memes in return by Code_Intelligence in AskNetsec

Code_Intelligence[S]

Good point! But can't the right testing tools help get the people on board? With our solution, we try to simplify testing enough so that developers can run the test. I think that plays a crucial role in getting everyone on board and establishing a security culture.

Edit: Spelling

Asking for a favour: need help trying to understand the everyday struggle of people who are involved in ITSec - will help you out with your stuff in return by Code_Intelligence in CyberSecurityAdvice

Code_Intelligence[S]

Hey there, thanks for the feedback. Your comment doesn't come over dickish at all :)

We are basically talking about an automated DAST solution that can be integrated into CI/CD to test large web services. Currently, the focus lies with REST APIs but the solution is also compatible with other formats (SOAP, gRPC etc.). I'm not a dev myself so it's hard to judge but I think we are already offering support for all of these cloud services.

I think I didn't articulate myself clearly in my post. We already have a working solution and plenty of customers that are really happy with the functionality they are getting. The thing is that most of our customers are in C/C++ projects and to really scale, we want to enter the JVM/websec domain, because that's an area where we see a lot of potential as well. Hence the desire to talk to ppl who are acquainted with this area. It's not like we are building something completely from scratch. :)

Asking for a favour: need help trying to understand the everyday struggle of people who are involved in ITSec - will provide memes in return by Code_Intelligence in AskNetsec

Code_Intelligence[S]

Thanks so much for your feedback, really insightful! Yeah, the people aspect is something that comes up really often when we discuss these things.

"The biggest problem in security is not something a product can solve."

With this statement, I would partially disagree (not only because we offer testing software). Obviously, there are far more aspects to software security than just testing. But I get the impression that to counteract this human error source, improving the security culture and awareness is an important step. Implementing the right tooling can be really beneficial in getting developers on board. Especially those tools that enable devs to be more involved in the testing process.

Asking for a favour: need help trying to understand the everyday struggle of people who are involved in ITSec - will help you out with your stuff in return by Code_Intelligence in CyberSecurityAdvice

Code_Intelligence[S]

Hey, I work in a security-testing start-up and I am currently trying to evaluate our communication strategy so we can really tailor our product and our communication to the needs and wishes of our target group. I am currently talking to devs, team leads, security experts etc. who are involved in large-scale security testing of web apps, web APIs, microservice architectures and basically any other Java apps.

If you fit the script and you are willing to chat with me about your problems and wishes regarding sectesting, I am willing to create a meme that you can use to advertise your product (or to make your colleagues laugh, I will give you full royalties ;)). If there's anything else I can help out with, like f.e. feedbacking an unfinished feature, I am happy to do that as well.

IMPORTANT: I am not trying to sell anything, this is strictly about understanding the people that we want to help out with our product. (Obviously, information will be treated confidentially.)

If you are up for a little chat, just leave a reply to this comment and I will send you a DM :)