Learn how to establish and maintain a robust Web Application Vulnerability Management Program in this informative conference talk. Explore key concepts like the Software Assurance Maturity Model, Building Security in Maturity Model, and Application Security Touchpoints. Discover the framework for effective vulnerability management, focusing on identifying and reducing risk. Gain insights into preparation steps, Dynamic Application Security Testing (DAST), building an inventory through reconnaissance, and implementing enrollment and remediation processes. Understand common mistakes to avoid and learn how to measure program success through metrics. Get practical advice on implementing web application vulnerability management on a budget, including recommendations for DAST tools.
Overview
Syllabus
Intro
Thought Experiment
Software Assurance Maturity Model
Building Security in Maturity Model
Application Security Touchpoints
Web Application Vulnerability Management Program
Web Application Vulnerability Management Framework
GOAL - Identify & Reduce Risk
Preparation
Dynamic Application Security Testing (DAST)
Building your Inventory. Reconnaissance
Enrollment Process
Remediation Process
Not Infrastructure Vulnerability Management Not a cookie cutter patch
Common Mistakes
Metrics
Web App VM On the Cheap Dynamic Application Security Testing EDAST Tools
