any tenured AppSec people here?
in two large PoCs where I'm hearing two different but equally difficult demands from my DM/champion (yes the PoCs are a must, they happen 99% of the time for appsec testing solutions):
- I want you to test an in-house vulnerable app we built to see what your platform finds (nightmare zone)
- I want you to configure 1 billion workflows with your automated solution for the PoC and show us proof (impossible, takes 1000 hours, will break)
any ideas? we already have a few, but curious what outsiders have to say. I'll send you a cookie in the mail if you help.