Go Purple! Adopt Purple Team Strategy to Augment Application Security Programs

Offered By: LASCON via YouTube

Course Description

Overview

Explore a comprehensive conference talk on adopting a purple team strategy to enhance application security programs. Learn about the challenges faced in modern software development, including the shift to microservices and the rise of DevOps. Discover the limitations of traditional security approaches and the advantages of implementing a purple team strategy. Understand how purple teams combine defensive security controls from blue teams with exploitation techniques from red teams to create a unified security approach. Gain insights into breaking artificial boundaries, transforming security from a checkpoint to an integrated function, and improving collaboration between security professionals and developers. Examine the traits and methodology of purple teams, their influence on various groups, and how they can augment the effectiveness of application security programs. Delve into key aspects of the purple team approach, including application inventory, engagement strategies, security planning, full-stack assessment, and effective vulnerability communication. Acquire knowledge on implementing a positive security process and measuring the success of your application security program using the purple team methodology.

Syllabus

Intro
Go Purple! Adopt purple team strategy to augment Application Security Programs
Challenges
Application Security Program Elements
Blue Team vs Red Team
Economics of fixing Security Bugs
Purple Team (Realist)
Blue Team (Optimist) vs Red Team (Paranoid)
Security within SDLC
Checkpoint Approach
Secure DevOps Approach
Purple Team Approach
Key Aspects
Foundations for a Positive Security Process
Application Security Program the Purple way!
Application Security Program the Purple way!
Application Inventory
Engagement
Unrestricted File Upload
Blind XSS
Security Plan
Full Stack Assessment
Reporting
How do you communicate a vulnerability?
Remediation Consulting
Metrics
Conclusion


Taught by

LASCON
