YoVDO

Practical AppSec - Quick Wins for More Secure Software

Offered By: LASCON via YouTube

Tags

LASCON Courses SQL Injection Courses Application Security (AppSec) Courses Application Development Courses Software Security Courses Threat Modeling Courses

Course Description

Overview

Discover practical strategies for enhancing application security in this 37-minute conference talk from LASCON 2014. Learn how to prioritize and implement quick wins to improve your software's security posture with limited resources. Explore various approaches including manual penetration testing, source code review, automated scanning, web application firewalls, threat modeling, and developer training. Gain insights on working effectively with development teams for remediation efforts. Understand how to measure progress and demonstrate improvement using a popular software security maturity model. Walk away with specific, actionable steps to strengthen your applications' security and raise the bar for potential attackers.

Syllabus

Intro
Sabre
About Dave
AppSec Mission
Complications
General Thoughts
Burp
Quick Wins
Finding Attack Surfaces
SSL Configuration
Sequel Injection
Crosssite Scripting
HTTP Response Headers
Engage Developers
AppSec maturity model
Alternatives


Taught by

LASCON

Related Courses

Comparing WAF and RASP - Why?
LASCON via YouTube API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale
LASCON via YouTube Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube