The Tactical Application Security Program - Getting Stuff Done

The Tactical Application Security Program - Getting Stuff Done

Black Hat via YouTube Direct link

Importance of Communication During an Incident Incident success or failure is judged by others in your company • Coordination and communication are key

17 of 22

17 of 22

Importance of Communication During an Incident Incident success or failure is judged by others in your company • Coordination and communication are key

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

The Tactical Application Security Program - Getting Stuff Done

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 What security team do you want to work with?
  3. 3 Application Security and the Bravery of Tactical Execution • Application security programs do much better tactically
  4. 4 Lightweight and iterative
  5. 5 Focus on operational excellence, less on authority Example: Measure every meaningful aspect of your assessment and incident response programs. Share those results far and wide.
  6. 6 A Digression on Authority & Buy-In
  7. 7 Assessments have a Flow
  8. 8 Tactical Assessment Principles
  9. 9 Assessment Tactics
  10. 10 Navigating the wilderness of existential assessment questions
  11. 11 Pitfalls
  12. 12 Critical Security Bugs 77 Critical bugs handled in the past year
  13. 13 Handling Outside Reports . On call pentester to handle incoming reports
  14. 14 Determining Scope of Impact
  15. 15 Bug Classifications and Why We Built It
  16. 16 Sample Bug Classification Table
  17. 17 Importance of Communication During an Incident Incident success or failure is judged by others in your company • Coordination and communication are key
  18. 18 Communication Email Template
  19. 19 Reducing the Threat Surface
  20. 20 Public Bug Bounties Today • Main motivations for companies to build programs
  21. 21 What Do These Ratios Really Mean to Me?!
  22. 22 Wrapping Up • Tactical approaches to application security should be • Treat your assessment program like a consultancy • Application incident response may be the most important thing to get right the…

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.