Has the cyber security industry been ... lying to us? Do scanners provide the coverage whilst penetration tests provide the depth? Ben and Tom peel back the lid on this narrative to see if this is really the case...

In this first-of-its-type episode of Let's Talk Security Testing, Ben and Tom exclusively dive into the vulnerability, business logic flaws.

They discuss:

• How business logic flaws are created
• Where they're typically found
• Why they're unique
• Ways to optimise testing processes to find them more easily

Tom and Ben discuss:

• Determining the need for an internal pentesting team
• Setting up the team
• Key processes that lead to success

Ben and Tom discuss:

• The 3 primary sources of vulnerability creation
• A comparison of defensive cyber security approaches
• Challenges of route cause analysis

Join Ben and Tom in discussing:

• What do we mean by context in security testing?
• The reality of context in security testing
• Barriers to achieving context in security testing and how to overcome them

Ben and Tom share strategy options, how this translates to operations and resourcing, and what output to expect from an enterprise testing programme.

In episode 6 of Let's Talk Security Testing, we welcome our first guest to the studio, Senior Security Engineer, Christine Smoley.

Tom and Christine have an honest conversation on the cyber security vendor landscape, how vendors can make things easier in the buying process, and shared experiences in dealing with challenges of coordinating a security testing team.

In this episode of Let's Talk Security Testing we cover:

- Why LLMs are popular across working teams in general

- How this can be applied for security testing

- Myth busting LLM capabilities and security concerns