Human vs. Machine: Three-Part Virtual Series on the Human Element of AppSec

August 6, 2020 HackerOne Team

In 2011, when IBM’s Watson supercomputer went up against ‘Jeopardy’ icon Ken Jennings, the world watched a battle of man vs. machine conclude in an impressive win for Watson. It wasn’t simply remarkable that Watson could complete calculations and search documents quickly; the real feat was the brainpower it took to create fine-tuned software able to comprehend questions in context and reason about them in something like the way a human does. 


But Watson wasn’t without fault. It struggled with some ‘Jeopardy’ categories that were a little too specific, a reminder that human beings still play a critical role in the successes (or failures) of modern technology. In application security (AppSec), there is no single set-it-and-forget-it solution that will keep your code secure. Like Watson, the software can’t operate to its fullest potential without the right brainpower behind it: it takes thoughtful people to understand where each solution plugs in and to check code in ways that software cannot.  

Automation in AppSec testing tools is a prime example. It plays a critical role in scaling security operations and scanning for vulnerabilities so they are found before they become expensive headaches. While that undoubtedly boosts efficiency and speed in the background, there’s a human element of ingenuity and adaptability you can’t ignore: attackers. They adapt quickly, whether or not you automate, which means your developers and security professionals need to be just as agile and close their knowledge gaps to stay one step ahead while the right testing tools run in the background.  

And while having a full range of scanning solutions integrated into your software development process will help you find and fix common flaws, Manual Penetration Testing (MPT) is crucial for uncovering categories of vulnerabilities, like business logic flaws, that scanners cannot reliably detect because finding them requires understanding what the application is supposed to do. The bottom line: man and machine need to work together in AppSec, because like Watson, it takes a village of brainpower to come out on top. 
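To make the point about business logic flaws concrete, here is an added illustration in Python; it is not code from the original post or from HackerOne or Veracode, and the catalog, coupon table and line items are constructed for the example. The vulnerable checkout contains no injection, no unsafe call and no crash path, so a SAST or DAST scanner has nothing to flag; the flaw is that it trusts the client-supplied quantity and unit price, which a human tester finds by asking "what happens if I order minus one laptop?" The hardened version enforces the business rules server-side.

```python
from decimal import Decimal
from typing import Dict, List, Tuple

# Constructed server-side price catalog (assumption for this example).
CATALOG: Dict[str, Decimal] = {
    "laptop": Decimal("1200.00"),
    "mouse": Decimal("25.00"),
}

# Constructed coupon table: code -> percent off (assumption for this example).
COUPONS: Dict[str, int] = {"SAVE10": 10}

# A line item as it arrives from the client: (sku, quantity, unit_price).
LineItem = Tuple[str, int, str]


def vulnerable_total(items: List[LineItem], coupon: str = "") -> Decimal:
    """Flawed checkout: trusts the client-supplied unit price and quantity.

    Nothing here is syntactically dangerous, so scanners stay quiet, but a
    negative quantity turns into a credit and a client can price a laptop
    at $1 by editing the request.
    """
    subtotal = sum(Decimal(price) * qty for _, qty, price in items)
    if coupon in COUPONS:
        subtotal -= subtotal * COUPONS[coupon] / 100
    return subtotal.quantize(Decimal("0.01"))


def hardened_total(items: List[LineItem], coupon: str = "") -> Decimal:
    """Same checkout with the business rules enforced on the server."""
    subtotal = Decimal("0")
    for sku, qty, _client_price in items:
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku!r}")
        if not isinstance(qty, int) or qty < 1:
            raise ValueError(f"quantity must be a positive integer, got {qty!r}")
        subtotal += CATALOG[sku] * qty  # the client-supplied price is ignored
    if coupon:
        if coupon not in COUPONS:
            raise ValueError("invalid coupon")
        subtotal -= subtotal * COUPONS[coupon] / 100
    # A total can never go below zero, whatever the discount arithmetic says.
    return max(subtotal, Decimal("0")).quantize(Decimal("0.01"))


def rejects(items: List[LineItem], coupon: str = "") -> bool:
    """True if the hardened checkout refuses the order (used to show the fix)."""
    try:
        hardened_total(items, coupon)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attack requests a human tester would try by hand.
    credit = [("mouse", 1, "25.00"), ("laptop", -1, "1200.00")]
    cheap = [("laptop", 1, "1.00")]
    print("negative quantity, vulnerable:", vulnerable_total(credit))
    print("negative quantity, hardened rejects:", rejects(credit))
    print("tampered price, vulnerable:", vulnerable_total(cheap))
    print("tampered price, hardened:", hardened_total(cheap, "SAVE10"))
```

Both functions are "correct" Python and neither touches a database, a shell or a file, which is exactly why the difference between them is invisible to a scanner and obvious to a tester who understands the checkout flow.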

There’s a lot to explore in the realm of man vs. machine, and we’re excited to look at the ways you can work with technology, not against it. In this three-part series, we’re delving into topics like crowdsourced testing and automation to examine how you can strike the balance between capable software solutions and human-powered security. Here’s the lineup:

Part One | Human with Machine: Adapting SDLC for DevSecOps

To keep pace with modern software development, DevOps must work continuously to deliver applications to various infrastructure environments, automatically pushing code changes as they arise. Traditional security practices bog down development, frustrating development teams and causing unnecessary friction. This talk will cover the ways development and security teams can work together with automation and human-powered security at the speed of innovation. Join HackerOne’s CTO and Co-Founder Alex Rice as they chat with Veracode's Chris Kirsch and Chris Wysopal to learn:

  • How security and development teams can partner to create a continuous feedback loop without hampering innovation.
  • How security becomes a competitive advantage through balancing speed with risk.
  • How to engage a diverse and creative pool of talent not available in traditional firms to test business critical applications.

When: August 19th at 1:00 PM ET

Register here.

Part Two | Hacking Remote: Leveraging Automation and Crowdsourced Testing to Secure Your Enterprise  

As the world reacts to a global pandemic and the work-from-home model becomes the norm, people are more broadly distributed, and the applications, systems and infrastructure they depend on present a larger attack surface as a result. In this talk, we’ll discuss the undue strain put on security teams and delve into how leveraging automation and crowdsourced security testing allows your enterprise to scale security to accommodate its newly dispersed workforce. Join HackerOne’s Director of Product Marketing April Rassa and Director of Product Miju Han, along with Veracode’s Brittany O’Shea, to learn:

  • How to implement a security program with the scale necessary to cover a growing attack surface.
  • How to operate security at scale while reducing costs and removing the need for expensive headcount.
  • Trends and insights into the vulnerabilities impacting companies during a time of increased digital connectivity.

When: August 26th at 1:00 PM ET

Register here.

Part Three | Who Will Win the Fight of Automation?

In this talk, security leaders from Veracode and HackerOne will debate the unique values man and machine bring and discuss why companies need a complete security strategy that takes into account both the strengths of scale and speed technology can provide and the need for creative skills and adaptability only humans can bring. Join this talk with Tanner Emek and Johnny Nipper, two hackers from HackerOne, along with Veracode’s Ryan O’Boyle to learn:

  • The differences in vulnerabilities found by hackers vs. automated tools.
  • Suggestions for augmenting existing security best practices with a human touch.
  • When to choose between automation and human-powered security for your organization. 

When: September 2nd at 1:00 PM ET

Register here.

Armed with the right knowledge and tools, creating a well-rounded AppSec program that relies both on technology and human brainpower isn’t as daunting as it may seem. Join these virtual sessions by registering here to gain more insight into the ways man and machine can work with – not against – each other on the journey to enhanced security. We hope to see you there!  
