Next Generation Red Teaming - Integrating Application-Centric Attacks

Explore the evolution of red teaming in cybersecurity through this 46-minute OWASP Foundation conference talk. Delve into the limitations of traditional assessment methods and discover how to integrate application-specific attack surfaces into more effective red team efforts. Learn about composite, cross-domain attack vectors and their potential to identify organizational risks more comprehensively. Gain insights from real-world examples demonstrating the power of application-centric composite attacks in modern red teaming approaches. Understand key elements of successful red team setups, including threat modeling, business risk analysis, and the importance of considering the software attack surface. Examine the scalability of these advanced techniques and their significance in today's cybersecurity landscape.

Intro
Agenda
What Is Red Teaming?
Basic Elements Of A Red Team
Electronic
Social
Physical
Other Activities
Traditional Assessment Process
Why Is This Flawed?
Point In Time Risk Reliance Scenario
Setting Up A Successful Red Team
Threat Modeling And Threat Analysis
Business Goals And Risks
The Software Attack Surface
High Risk Of Low Risk Applications
Composite Attack Scenario
Why Bother?
Scalability