On this two-part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about web app penetration testing. In part one, we focus on the difference between pen testing and web app pen testing, where pen testing fits in your development methodology (waterfall, agile, and DevOps), and why someone should care about it.
I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in the security field for over 10 years, with most of that time focused on application security. He spent two years as a full-time consultant at Cigital, and is now doing independent appsec consulting through his company, Enigma Technologies. We hope you enjoy!