No More Monkey Business - Quality Assurance in Penetration Testing

Explore a critical examination of quality assurance in penetration testing during this 46-minute LASCON conference talk. Delve into the challenges faced by software development programs during security audits, including risk assessments, security scanning, and penetration testing. Examine the alarming trends in the degradation of security testing quality and the lack of quality assurance governing these activities. Discover real-world examples of poor-quality penetration testing results and their impact on engineering teams. Learn about the rapid growth of the security testing field and its potential contribution to declining quality. Gain insights into improving security testing knowledge and skills, implementing assurance methods based on sound engineering principles, and maintaining high standards of excellence in the industry. Understand the importance of quality certifications and passion for bettering the field for those interested in or new to security testing.

Introduction
Why Im here
Red Flags
Recent Trends
Misunderstanding the Craft
Top Mistakes
False Positives
Lack of Understanding
Poor Reporting
Bad Reporting
Crosssite scripting injection
Tool blunders
Scanner blunders
Quality Assurance