Our current approach to application security assessment is inherently flawed. Automation tools only detect what they’re programmed to find, and penetration testing is extremely limited by the selected firm and individual testers. Bug bounties build upon and improve these existing application security testing tools, bridging the gap between two parties that historically suck at getting along. By harnessing the human creativity of the whitehat researcher community with a 'pay-for-results' model, bug bounties uncover more critical and exploitable vulnerabilities than traditional security testing, but it takes work and understanding.
As a cybersecurity industry veteran, Casey will analyze the evolution of the application security space over the past several years and address why the existing tools and practices are falling short. With data from hundreds of bug bounty programs, he will inspect the unlikely romance between companies who need to find security flaws before they’re exploited, and the hackers ready to help.