GrrCon 2016 – What’s in your Top Ten? Intelligent Application Security Prioritization

Here’s something no one wants to admit: just because an application has been assessed doesn?t mean it’s secure. And what exactly, does ‘secure’ mean, anyway? One company’s ‘secure’ is another company’s disaster. If you don?t understand your business?s risk posture and threat landscape, then you?re probably not assessing the right stuff. Learn to organize and prioritize your application security resources based on intelligent threat exploration and controls analysis. In other words, identify your organization?s Top Ten. We?ll discuss a distinctive threat and architecture analysis methodology that extends beyond the traditional threat modeling approach. You’ll see how understanding the risk posture and threat landscape of individual applications (or whole business units) can shape the focus of you application security assurance activities. In this session, you will: – Be introduced to a unique risk and threat management tool that allows you to determine the inherent risk of an application in 10 minutes ? scrutinizing people, processes and technology. – Learn improved methods to discover and prioritize software and application threats. – Understand how risk and threat assessment results can be utilized to effectively tailor application security assurance activities like penetration testing and code reviews. – See how threat and risk assessment can contribute tangible benefits to your secure SDLC (software development life cycle). – Improve communications between your teams using this unique threat modeling methodology. Ultimately the demonstrated methodology will allow you to generate baseline security expectations that will guide your security and verification activities ? regardless of whether your applications are developed in-house, outsourced or purchased.
For More Information Please Visit:

Source: SecurityTube.Net @ March 5, 2017 at 06:37PM