An Introduction to Continuous Security Testing

Back to the list of Speakers and Sessions

Our defenses are crucial in protecting us against security threats. But how can we be sure they're working as intended in our real environment? We do this by asking questions. Everywhere. Continuously. With the returning intelligence, we’re able to make decisions that will better harden our defenses.

These questions we need to be asking come in the form of Verified Security Tests (VSTs). VSTs are a more structured, scale-ready format of the TTP. These questions, such as "Will your computer quarantine a malicious Office document?", provide a single piece of intelligence to help fuel a decision.

In this workshop, attendees will: - Get a brief introduction to VSTs and understand why they are designed for security testing at scale, in production environments - Use Prelude Build, an open source IDE for security engineers to author VSTs, to create their own VST - Learn about probes and how to deploy them on endpoints in order to accept, execute, and respond with the results of a VST - Create a continuous security testing schedule

Participants should prepare by:

Experience with offensive security and/or purple teaming is helpful, but absolutely not required.

Participants must have the following equipment:

VMs welcome.

Octavia Hexe ,

Octavia is an independent security researcher. They have worked in security engineering, purple team, adversary emulation roles, and as a volunteer with non-profits countering disinformation.