Explore the complex world of application security metrics in this 50-minute conference talk from the OWASP Foundation. Learn to distinguish between valuable indicators and potentially alarming metrics in the rapidly evolving AppSec landscape. Gain insights into selecting metrics that align with organizational security goals and risk appetite, aiming to raise AppSec maturity. Delve into various categories of AppSec metrics, including vulnerability density, time to remediation, and exploitability. Acquire tools and understanding to effectively communicate security metrics to stakeholders, facilitating informed decision-making and fostering a proactive security culture. Navigate the ocean of AppSec metrics to identify areas of concern, prioritize remediation efforts, and drive continuous improvement in your organization's application security posture.
Application Security Metrics: Identifying Key Indicators and Potential Red Flags
Overview
Syllabus
Metrics, metrics everywhere - from which ones I should be scared?
Taught by
OWASP Foundation
Related Courses
-
Software Security Metrics - Developing Key Indicators for Executives
-
Grow Up AppSec - A Case Study of Maturity Models and Metrics
-
Benchmarking Application Security Across Industries
-
Fix the Damned Software - Improving Application Security Design
-
50 Shades of AppSec - Lessons from Diverse Application Security Scenarios
