Turning Engineers into Extended Blue Team Members - Security Strategies
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore strategies for transforming software engineers into an extended blue team in this OWASP Global AppSec Tel Aviv conference talk. Learn how to empower engineers with tools, techniques, and processes to enhance security across the organization's infrastructure. Discover methods for evolving threat models using real-world incidents, creating incremental and rapid threat models, and implementing security tests to validate these models. Gain insights on leveraging Behavior-Driven Development (BDD) tests, contributing to the OWASP Cloud Security project, and educating product owners and project managers about threat vectors. Examine the benefits of proof-of-concept attack vectors, such as Cloudfront subdomain hijacking, for further model evolution and security awareness training. Understand how to build, evolve, and transfer ownership of threat models to engineering teams, create effective security champion programs, and integrate rapid threat modeling into the Software Development Life Cycle (SDLC).
Syllabus
Intro
Proof of Concepts
Security Test
Local Tests
Flask Web App
Dennis Cruz
Dennis
Attack Trees
Attack vectors
Elevation of privilege
Clouded cards
Open source tools
Taught by
OWASP Foundation
Related Courses
Разработка корпоративных систем. Часть 2. Строгие методологии разработкиNational Research Nuclear University MEPhI via Coursera Cyber Security in the Software Development Life Cycle
Coventry University via FutureLearn DevOps Tutorial: Complete Beginners Training - 5 in 1 Bundle
Udemy How Cyber Security Affects the Software Development Life Cycle
Coventry University via FutureLearn ISTQB® Foundation: Testing throughout the Software Development Lifecycle
Pluralsight