Joe Schottman
Purple Team testing, or the active collaboration of offensive and defensive staff during penetration tests, can help organizations address their most immediate security threats, increase the accuracy of testing, and create a feedback loop where both teams contribute to the success of the other. Typical Dynamic Application Security Testing (DAST) does not lend itself well to Purple Team practices. This talk covers the basics of conventional Purple Team exercises, the ways that application testing environments and tools often differ from penetration testing, and how application defenders and breakers can adapt to those differences to enable each other in an integrated fashion.
For defenders, learn how your insights into the overall environment and risks, knowledge of security controls, and the state of and output from applications being tested can lead to better, faster, and more actionable application security tests. For breakers, learn how to help defenders better recognize threats in logs and alerting systems and increase their ability to spot, stop, and mitigate real-world attacks. Both sides can benefit from fewer missed opportunities to work together to increase the security of their organization while reducing the friction that the often adversarial nature of security testing creates.