What's in your Top Ten? Intelligent Application Security Prioritization - Tony Miller GrrCON 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)


@tjmmgd

Here's something no one wants to admit: just because an application has been assessed doesn't mean it's secure. And what exactly does 'secure' mean, anyway? One company's 'secure' is another company's disaster. If you don't understand your business's risk posture and threat landscape, then you're probably not assessing the right stuff. Learn to organize and prioritize your application security resources based on intelligent threat exploration and controls analysis. In other words, identify your organization's Top Ten. We'll discuss a distinctive threat and architecture analysis methodology that extends beyond the traditional threat modeling approach. You'll see how understanding the risk posture and threat landscape of individual applications (or whole business units) can shape the focus of your application security assurance activities.

In this session, you will:

- Be introduced to a unique risk and threat management tool that allows you to determine the inherent risk of an application in 10 minutes, scrutinizing people, processes and technology.
- Learn improved methods to discover and prioritize software and application threats.
- Understand how risk and threat assessment results can be utilized to effectively tailor application security assurance activities like penetration testing and code reviews.
- See how threat and risk assessment can contribute tangible benefits to your secure SDLC (software development life cycle).
- Improve communications between your teams using this unique threat modeling methodology.

Ultimately the demonstrated methodology will allow you to generate baseline security expectations that will guide your security and verification activities, regardless of whether your applications are developed in-house, outsourced or purchased.


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast