1. Intro
2. Risk Management metrics
3. Assessment landscape
4. Initial attack
5. Reversing Java client
6. xml-rpc invocation
7. SQL select
8. Educated guess
9. SQL union
10. Let's try UNION
11. Invoke UNION
12. What next?
13. Stop guessing - just read it bit by bit
14. Database source code
15. White box injection
16. privileges
17. Post-credits scene
18. The results
Description:
Explore the intricacies of various security testing methodologies through a real-world red team attack scenario in this 51-minute conference talk. Delve into the differences between security code reviews, white box testing, penetration testing, and red teaming, and learn when to apply each approach. Follow the attacker's journey from exploiting a user-facing XML-RPC interface to gaining root access on a database server and exfiltrating target data. Gain insights into how different tests enhance product security knowledge, the requirements for actionable results, and the importance of cross-team collaboration. Discover the benefits of expanding security tests beyond product features to encompass deployment environments, supporting processes, and personnel. Understand how to leverage test results to make informed decisions about additional security investments and improve overall product security.

Making the Most of Security Tests

NDC Conferences