Overview
Learn effective purple team strategies for application security in this 34-minute OWASP Foundation talk. Explore the concepts of blue and red teams, vulnerability testing, and push application security. Discover the purple spectrum and understand why purple is not a team. Examine dynamic application security, including tools like Durbuster and SQL injection techniques. Gain insights into blue team training, testing security infrastructure, and the importance of automation and repeatability. Understand the challenges of silos and noise in security testing, and learn how to improve visibility and integration between red and blue teams for more effective application security.
Syllabus
Intro
Welcome
About me
Disclaimer
Eugene Hoots
Agenda
Purple Team
Blue Team
Red vs Blue
Definitions
Vulnerability Testing
Push Application Security
Purple Spectrum
Purple is not a team
When everything works
Silos
Dynamic Application Security
Durbuster
SQL Injection
Visibility
Noise
Often Tested
Blue Team Training
Testing Security Infrastructure
Not Receiving Test Results
Automation and repeatability
Integration
Red Team
BlueTeam
Wrapping Up
Taught by
OWASP Foundation