How to do application security right
Download as PPTX, PDF0 likes154 views
The document discusses various approaches and resources for enhancing organizational security, emphasizing the importance of both in-house expertise and external teams. It addresses common security testing methodologies and types, highlighting the necessity of properly understanding services such as penetration testing and vulnerability assessments. Additionally, it promotes Infosec Skills educational programs, providing extensive training options and resources for cybersecurity professionals.
How to do application security right
- 2. Meet the panel Executive Partner, Independent Security Evaluators Infosec Skills Author Jeff Peters Director of Content Marketing Infosec Ted Harrington
- 3. Additional training resources More from Ted Harrington ⮚ How to secure your software faster and better (ebook) ⮚ Ted’s Infosec Resources articles ⮚ How to Do Application Security Right courses (need to create a free Infosec Skills account) Other free resources from Infosec ⮚ Infosec Skills Monthly Challenge ⮚ Infosec YouTube channel ⮚ Infosec Accelerate Scholarship
- 4. Agenda: 10 mistakes organizations make
- 5. Challenges: Skills shortage “Your best option is to take a two-pronged approach: build your own expertise in-house, and also hire an external security team.” Organizational security External team In-house experts
- 6. Testing: What methodology? Black box is a testing methodology that limits information White box is a testing methodology that maximizes information vs.
- 7. Testing: What type? “Asking for penetration testing, being sold vulnerability scanning, but likely need vulnerability assessments.” Scanning Penetration testing Vulnerability assessments
- 8. Find and remediate issues Source: Hackable “Advanced tactics is where the magic happens. When you go beyond the basics, that’s where the critical-type issues are found.”
- 9. Let’s talk money! “No rational person wants anything to be 25 times harder or 10.1 percent more expensive than it needs to be. Yet, companies do this all the time when they choose to bolt on security.” Source: Hackable
- 10. Questions?
- 11. 15 scholarships. 5 categories. $225,000+ value.
- 12. Learn cybersecurity with Infosec Skills Infosec Skills subscription: ➢ 190+ role-based learning paths (e.g., Ethical Hacking, Digital Forensics, Advanced Intrusion Detection) ➢ 100s of hands-on labs in cloud-hosted cyber ranges ➢ Custom certification practice exams and skill assessments aligned to key cybersecurity roles Infosec Skills live boot camp: ➢ Live, instructor-led training (in-person or live online) ➢ Free annual Infosec Skills subscription ➢ 1-year extended access to all boot camp video replays and materials ➢ Exam voucher and Exam Pass Guarantee infosecinstitute.com/skills
- 13. About us Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. www.infosecinstitute.com