CISO Tradecraft: Setting Up an Application Security Program
CISO Tradecraft®
English - June 25, 2021 09:43 - 41 minutes - 56.7 MB - ★★★★★ - 46 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
On this episode of CISO Tradecraft, you can learn how to build an Application Security program.
Start with Key Questions for
Security
IT Operations
Application Development/Engineering Groups
Identify Key Activities
Asset Discovery
Asset Risk Prioritization
Mapping Assets Against Compliance Requirements
Setting up a Communications Plan
Perform Application Security Testing Activities
SAST
DAST
Vulnerability Scanners
Software Composition Analysis
Secrets Scanning
Cloud Security Scanning
Measure and Improve Current Vulnerability Posture through metrics
The number of vulnerabilities present in an application
The time to fix vulnerabilities
The remediation rate of vulnerabilities
The time vulnerabilities remain open
Defect Density - number of vulnerabilities per server
We also recommend reading the Microsoft Security Developer Life Cycle Practices Link
For more great ideas on setting up an application security program please read this amazing guide from WhiteHat Security Link
If you would like to improve cloud security scanning by automating Infrastructure as Code checks, then please check out Indeni CloudRail Link