Go Purple! Adopt Purple Team Strategy to Augment Application Security Programs
Offered By: LASCON via YouTube
Course Description
Overview
Explore a comprehensive conference talk on adopting a purple team strategy to enhance application security programs. Learn about the challenges faced in modern software development, including the shift to microservices and the rise of DevOps. Discover the limitations of traditional security approaches and the advantages of implementing a purple team strategy. Understand how purple teams combine defensive security controls from blue teams with exploitation techniques from red teams to create a unified security approach. Gain insights into breaking artificial boundaries, transforming security from a checkpoint to an integrated function, and improving collaboration between security professionals and developers. Examine the traits and methodology of purple teams, their influence on various groups, and how they can augment the effectiveness of application security programs. Delve into key aspects of the purple team approach, including application inventory, engagement strategies, security planning, full-stack assessment, and effective vulnerability communication. Acquire knowledge on implementing a positive security process and measuring the success of your application security program using the purple team methodology.
Syllabus
Intro
Go Purple! Adopt purple team strategy to augment Application Security Programs
Challenges
Application Security Program Elements
Blue Team vs Red team
Economics of fixing Security Bugs
Purple team (Realist)
Blue Team (Optimist) vs Red team (Paranoid)
Security within SDLC
Checkpoint Approach
Secure DevOps Approach
Purple Team Approach
Key Aspects
Foundations for a Positive Security Process
Application Security Program the Purple way!
Application Inventory
Engagement
Unrestricted File Upload
Blind XSS
Security Plan
Full Stack Assessment
Reporting
How do you communicate a vulnerability?
Remediation Consulting
Metrics
Conclusion
Taught by
LASCON
Related Courses
Security Assessment and Testing (Packt via Coursera)
Cybersecurity Careers: Become an Identity and Access Management Manager (LinkedIn Learning)
PowerShell for Security Professionals (LinkedIn Learning)
Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques (Pluralsight)
Privilege Escalation with UACMe (Pluralsight)