Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.
Automating Dynamic Application Security Testing at Scale
The BlueHat Podcast
45 minutes
9 months ago
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Building on his BlueHat 2024 session and the accompanying MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft's enterprise level, detailing how automation eliminates manual configuration and improves the efficiency of web service testing.
In This Episode You Will Learn:
Overcoming the challenges of authenticated requests for DAST tools
The importance of API specs for DAST and how automation streamlines the process
Insights into how Microsoft uses DAST to protect its vast array of web services
Some Questions We Ask:
What's a lesson from this work that you can share with those without Microsoft's resources?
Can you explain what the transparent auth protocol is that you mentioned in the blog post?
How is your work reducing the manual effort needed to configure DAST system services?
Resources:
View Jason Geffner on LinkedIn
View Wendy Zenone on LinkedIn
View Nic Fillingham on LinkedIn
Related Blog Post: Scaling Dynamic Application Security Testing (DAST) | MSRC Blog
Related BlueHat Session Recording: BlueHat 2024: S10: How Microsoft is Scaling DAST
Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
Afternoon Cyber Tea with Ann Johnson
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts