当前位置:首页 > 报告详情

在不增加安全人员数量的情况下扩展应用安全计划.pdf

上传人: 竿*** 编号:982123 2025-11-29 10页 514.20KB

1、#SECTORCA BlackHatEventsHow to Scale AppSec Without Scaling Security HeadcountWith Mario Lacroix&Will Yeager#SECTORCA BlackHatEventsSpeaker BiosMario LacroixMario is an Engineer with specializations in microelectronics,computer science,and security.For the past 19 years,Mario has worked at Accenture

2、,inside the Cloud and Application Security group.Will YeagerWill is a Cybersecurity Consulting Manager at Accenture where for 13 years hes helped clients tackle complex challenges across application security,SOC transformation,machine learning,and infrastructure management.#SECTORCA BlackHatEventsBu

3、siness(Requirements)Use Cases Threat ModelsDevelopment(Continuous Integration)Repo,Artifacts SAST,SCATest(Continuous Delivery)Testing URL DAST,API Pen TestOperations(Production)Infrastructure&production systems Bug BountySDLC Meets SecurityTypical ActivitiesOld Duration/Turn-Around TimeNew Duration/

4、Turn-Around TimeThreat ModelingWeeksNear Real-TimeSAST Scanning&False Positive AnalysisDays(multiple teams interacting)Self-Service(on Developers schedule)DAST Scanning&False Positive AnalysisDays(multiple teams interacting)Self-Service(on Developers schedule)Pen TestingWeeksNear Real-TimeInfra Fixe

5、sMultiple sprints(multiple teams interacting)Branch with fixes ready(on Developers schedule)#SECTORCA BlackHatEventsCustom DevOps Security ApproachSecurity Requirements(ArcBot)Developers Advisor(AppSecBot)Security Test Lifecycle(PenBot)Secure Prod(Gating)Visibility(AppNav)Business(Requirements)Use C

6、ases Threat ModelsDevelopment(Continuous Integration)Repo,Artifacts SAST,SCATest(Continuous Delivery)Testing URL DAST,API Pen TestOperations(Production)Infrastructure&production systems Bug Bounty#SECTORCA BlackHatEventsDevelopment PrioritizationFunctional Requirements GatheringNon-Functional Requir

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: - **核心数据**: - 一年内,对700多个应用进行70,000+次安全审查。 - 漏洞创建量减少12倍。 - 扫描成本和努力减少40%。 - 第三方发现减少95%以上。 - **关键点**: - **ArcBot**:自动分析功能需求,自动指出风险并插入安全要求。 - **AppNav**:库存应用程序,展示元数据,总结漏洞状态,指导安全努力。 - **AppSecBot**:开发者聊天界面,提供自我服务,建议和修复协助。 - **PenBot**:测试渗透测试发现,确保修复,覆盖多个URL端点。 - **安全规模化**:通过自动化和工具减少对安全人员数量的依赖,提高效率。
如何实现高效安全审查?" AppSecBot如何助力开发?" 持续渗透测试,保障应用安全!"
客服
商务合作
小程序
服务号
折叠