Главная
Study mode:
on
1
Intro
2
Disclaimer
3
The path of least resistance
4
AppSec Objective The goal of Application Security is to reduce the risks within an application!
5
Methods of AppSec
6
Static Analysis (Code Testing)
7
Dynamic Analysis The objective of performing a dynamic test is to attempt to verify the effectiveness of the secure coding testing This verification step is necessary in order to
8
Components of AppSec Web Applications
9
Manual Verification The objective of performing a final manual test is to smoke- test the final product and ensure that any anomalies discovered during prior assessment phases are verified to be clos…
10
Kaizen: Continuous Improvement
11
Additional Considerations
12
Start Simple, Start Small The vast majority of companies simply do not understand what many of us (Security People) do.
13
Why Policies & Standards Matter . During two phases, AppSec will have it's greatest influence: . Project Definition . System Overview Your greatest ability to influence a project starts here - the bu…
14
Align AppSec with SDLC
15
AppSec Program Expansion Considerations: . If you do not have a formal Quality Assurance Program, stand one up!
16
Trust but Verify ...
Description:
Learn how to build an effective application security program in this comprehensive conference talk from the Central Ohio InfoSec Summit 2016. Explore various methods of application security, including static and dynamic analysis, and understand the importance of manual verification. Discover the concept of Kaizen for continuous improvement in your security practices. Gain insights on starting small, aligning AppSec with SDLC, and expanding your program effectively. Understand why policies and standards matter, and learn how to influence projects from their inception. Delve into additional considerations such as setting up a quality assurance program and the importance of verifying security measures.

Building an Application Security Program

Add to list
#Conference Talks #Business #Management & Leadership #Quality Management #Quality Assurance #Business Management #Continuous Improvement #Information Security (InfoSec) #Cybersecurity #Application Security #Programming #Software Development #Software Testing #Dynamic Analysis #Static Analysis #Computer Science #Software Engineering #Software Development Life Cycle (SDLC)
00:00
-00:31
1 of 16

1 Intro