NorthSec 2023

An Introduction to Continuous Security Testing
2023-05-18, 10:00–12:00, Workshop 2

Our defenses are crucial in protecting us against security threats. But how can we be sure they're working as intended in our real environment? We do this by asking questions. Everywhere. Continuously. With the returning intelligence, we’re able to make decisions that will better harden our defenses.

These questions we need to be asking come in the form of Verified Security Tests (VSTs). VSTs are a more structured, scale-ready format of the TTP. These questions, such as "Will your computer quarantine a malicious Office document?", provide a single piece of intelligence to help fuel a decision.

In this workshop, attendees will:
- Get a brief introduction to VSTs and understand why they are designed for security testing at scale, in production environments
- Use Prelude Build, an open source IDE for security engineers to author VSTs, to create their own VST
- Learn about probes and how to deploy them on endpoints in order to accept, execute, and respond with the results of a VST
- Create a continuous security testing schedule

What is the language of your talk/workshop?


Octavia is a Principal Security Engineer at Prelude. Previously, they have worked in security roles at Ubisoft and as a volunteer with non-profits countering disinformation.