Turning Engineers into Extended Blue Team Members - Security Strategies
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore strategies for transforming software engineers into an extended blue team in this OWASP Global AppSec Tel Aviv conference talk. Learn how to empower engineers with tools, techniques, and processes to enhance security across the organization's infrastructure. Discover methods for evolving threat models using real-world incidents, creating incremental and rapid threat models, and implementing security tests to validate these models. Gain insights on leveraging Behavior-Driven Development (BDD) tests, contributing to the OWASP Cloud Security project, and educating product owners and project managers about threat vectors. Examine the benefits of proof-of-concept attack vectors, such as Cloudfront subdomain hijacking, for further model evolution and security awareness training. Understand how to build, evolve, and transfer ownership of threat models to engineering teams, create effective security champion programs, and integrate rapid threat modeling into the Software Development Life Cycle (SDLC).
Syllabus
Intro
Proof of Concepts
Security Test
Local Tests
Flask Web App
Dennis Cruz
Dennis
Attack Trees
Attack vectors
Elevation of privilege
Clouded cards
Open source tools
Taught by
OWASP Foundation
Related Courses
Advanced Testing Practices Using AWS DevOps Tools (Simplified Chinese)Amazon Web Services via AWS Skill Builder Advanced Testing Practices Using AWS DevOps Tools (Indonesian)
Amazon Web Services via AWS Skill Builder Advanced Testing Practices Using AWS DevOps Tools (Italian)
Amazon Web Services via AWS Skill Builder Advanced Testing Practices Using AWS DevOps Tools
Amazon Web Services via AWS Skill Builder API Testing a real web application via Postman
Coursera Project Network via Coursera