Classroom Contents
The Tactical Application Security Program - Getting Stuff Done
- 1 Intro
- 2 What security team do you want to work with?
- 3 Application Security and the Bravery of Tactical Execution: Application security programs do much better tactically
- 4 Lightweight and iterative
- 5 Focus on operational excellence, less on authority. Example: Measure every meaningful aspect of your assessment and incident response programs. Share those results far and wide.
- 6 A Digression on Authority & Buy-In
- 7 Assessments have a Flow
- 8 Tactical Assessment Principles
- 9 Assessment Tactics
- 10 Navigating the wilderness of existential assessment questions
- 11 Pitfalls
- 12 Critical Security Bugs: 77 critical bugs handled in the past year
- 13 Handling Outside Reports: On-call pentester to handle incoming reports
- 14 Determining Scope of Impact
- 15 Bug Classifications and Why We Built It
- 16 Sample Bug Classification Table
- 17 Importance of Communication During an Incident: Incident success or failure is judged by others in your company. Coordination and communication are key.
- 18 Communication Email Template
- 19 Reducing the Threat Surface
- 20 Public Bug Bounties Today: Main motivations for companies to build programs
- 21 What Do These Ratios Really Mean to Me?!
- 22 Wrapping Up • Tactical approaches to application security should be • Treat your assessment program like a consultancy • Application incident response may be the most important thing to get right the…