YoVDO

Turning Engineers into Extended Blue Team Members - Security Strategies

Offered By: OWASP Foundation via YouTube

Tags

Application Security (AppSec) Courses Blue Team Courses Software Security Courses Cloud Security Courses Software Development Life Cycle Courses Threat Modeling Courses Security Testing Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore strategies for transforming software engineers into an extended blue team in this OWASP Global AppSec Tel Aviv conference talk. Learn how to empower engineers with tools, techniques, and processes to enhance security across the organization's infrastructure. Discover methods for evolving threat models using real-world incidents, creating incremental and rapid threat models, and implementing security tests to validate these models. Gain insights on leveraging Behavior-Driven Development (BDD) tests, contributing to the OWASP Cloud Security project, and educating product owners and project managers about threat vectors. Examine the benefits of proof-of-concept attack vectors, such as Cloudfront subdomain hijacking, for further model evolution and security awareness training. Understand how to build, evolve, and transfer ownership of threat models to engineering teams, create effective security champion programs, and integrate rapid threat modeling into the Software Development Life Cycle (SDLC).

Syllabus

Intro
Proof of Concepts
Security Test
Local Tests
Flask Web App
Dennis Cruz
Dennis
Attack Trees
Attack vectors
Elevation of privilege
Clouded cards
Open source tools


Taught by

OWASP Foundation

Related Courses

Web Application Development: Security
University of New Mexico via Coursera Systems and Application Security
(ISC)² via Coursera Cloud Application Security
University of Minnesota via Coursera Microsoft Azure Solutions Architect: Implement an Application Security Strategy
Pluralsight DevSecOps: Continuous Application Security
LinkedIn Learning