YoVDO

Turning Engineers into Extended Blue Team Members - Security Strategies

Offered By: OWASP Foundation via YouTube

Tags

Application Security (AppSec) Courses Blue Team Courses Software Security Courses Cloud Security Courses Software Development Life Cycle Courses Threat Modeling Courses Security Testing Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore strategies for transforming software engineers into an extended blue team in this OWASP Global AppSec Tel Aviv conference talk. Learn how to empower engineers with tools, techniques, and processes to enhance security across the organization's infrastructure. Discover methods for evolving threat models using real-world incidents, creating incremental and rapid threat models, and implementing security tests to validate these models. Gain insights on leveraging Behavior-Driven Development (BDD) tests, contributing to the OWASP Cloud Security project, and educating product owners and project managers about threat vectors. Examine the benefits of proof-of-concept attack vectors, such as Cloudfront subdomain hijacking, for further model evolution and security awareness training. Understand how to build, evolve, and transfer ownership of threat models to engineering teams, create effective security champion programs, and integrate rapid threat modeling into the Software Development Life Cycle (SDLC).

Syllabus

Intro
Proof of Concepts
Security Test
Local Tests
Flask Web App
Dennis Cruz
Dennis
Attack Trees
Attack vectors
Elevation of privilege
Clouded cards
Open source tools


Taught by

OWASP Foundation

Related Courses

Architecting Microsoft Azure Solutions
Microsoft via edX Internetwork Security
Indian Institute of Technology, Kharagpur via Swayam Network Security
Georgia Institute of Technology via Udacity Microsoft Professional Orientation : Cloud Administration
Microsoft via edX Cyber Threats and Attack Vectors
University of Colorado System via Coursera