The Tactical Application Security Program - Getting Stuff Done
- 1 Intro
- 2 What security team do you want to work with?
- 3 Application Security and the Bravery of Tactical Execution: application security programs do much better tactically
- 4 Lightweight and iterative
- 5 Focus on operational excellence, less on authority. Example: Measure every meaningful aspect of your assessment and incident response programs. Share those results far and wide.
- 6 A Digression on Authority & Buy-In
- 7 Assessments have a Flow
- 8 Tactical Assessment Principles
- 9 Assessment Tactics
- 10 Navigating the wilderness of existential assessment questions
- 11 Pitfalls
- 12 Critical Security Bugs: 77 critical bugs handled in the past year
- 13 Handling Outside Reports: on-call pentester to handle incoming reports
- 14 Determining Scope of Impact
- 15 Bug Classifications and Why We Built It
- 16 Sample Bug Classification Table
- 17 Importance of Communication During an Incident
  - Incident success or failure is judged by others in your company
  - Coordination and communication are key
- 18 Communication Email Template
- 19 Reducing the Threat Surface
- 20 Public Bug Bounties Today: main motivations for companies to build programs
- 21 What Do These Ratios Really Mean to Me?!
- 22 Wrapping Up
  - Tactical approaches to application security should be
  - Treat your assessment program like a consultancy
  - Application incident response may be the most important thing to get right the…