Rapid Assessment of Service and Application Security - Application Design and Architecture

Learn how to rapidly assess the security posture of your application or service in this 48-minute tutorial. Discover a methodology to identify major security gaps in just an hour or two, even in fast-paced environments with limited access to security experts. Follow along as the instructor guides you through a sample application, demonstrating how to evaluate network connections, authorization checks, input validation, patching, secure storage, and authentication. Gain insights into common software vulnerabilities, CWEs, CVEs, and IT infrastructure vulnerabilities. By the end of this session, you'll be equipped with the knowledge to confidently identify and prioritize security vulnerabilities in your applications, improving your overall security posture.

Introduction
Objective
Caveat
Methodology
Connection Detail Table
L1- The Startup Minimum
L2- The Midsized Company Software Team
L1- Are all network connections secure?
L1- Is every action authorization checked
L1- Are all inputs validated and sanitized?
L2- Patching and Updates
L2- Secure Storage
L2- Strong Authentication
L2- Know Common s/w Vulnerabilities and Mitigations
CWEs and CVEs
Common IT Infrastructure Vulnerabilities
Q&A