Explore a groundbreaking approach to Security Development Lifecycle (SDL) called End-to-End Security Engineering in this 34-minute conference talk from AppSecUSA 2017. Learn how Twilio defines a 'perfect secure system' and generates metrics to measure security at each stage of the product lifecycle. Discover the six key components of a perfect secure system, including threat modeling, attack identification, monitoring, controls implementation, testing, and effectiveness evaluation. Gain insights into essential metrics for tracking security progress, such as the percentage of threat-modeled products, attack monitoring coverage, and control implementation rates. Benefit from the expertise of speakers Davit Baghdasaryan, Principal Security Engineer at Twilio, and Garrett Held, Head of Product Security at Twilio, as they share their experiences in building comprehensive security systems.
Overview
Syllabus
Measuring End-to-End Security Engineering - AppSecUSA 2017
Taught by
OWASP Foundation
Related Courses
-
Security Engineering: Secure Network Implementation for CompTIA SecurityX
-
Security Engineering: Secure Networks
-
Palo Alto Networks Cybersecurity Foundation
-
SC-100: Design security solutions for applications and data
-
Designing Robust Information System Security Architectures
-
OWASP Top 10 - A04:2021 - Insecure Design
