在不增加安全人员数量的情况下扩展应用安全计划.pdf

编号:982123 PDF 10页 514.20KB 下载积分:VIP专享
下载报告请您先登录!

1、#SECTORCA BlackHatEventsHow to Scale AppSec Without Scaling Security HeadcountWith Mario Lacroix&Will Yeager#SECTORCA BlackHatEventsSpeaker BiosMario LacroixMario is an Engineer with specializations in microelectronics,computer science,and security.For the past 19 years,Mario has worked at Accenture

2、,inside the Cloud and Application Security group.Will YeagerWill is a Cybersecurity Consulting Manager at Accenture where for 13 years hes helped clients tackle complex challenges across application security,SOC transformation,machine learning,and infrastructure management.#SECTORCA BlackHatEventsBu

3、siness(Requirements)Use Cases Threat ModelsDevelopment(Continuous Integration)Repo,Artifacts SAST,SCATest(Continuous Delivery)Testing URL DAST,API Pen TestOperations(Production)Infrastructure&production systems Bug BountySDLC Meets SecurityTypical ActivitiesOld Duration/Turn-Around TimeNew Duration/

4、Turn-Around TimeThreat ModelingWeeksNear Real-TimeSAST Scanning&False Positive AnalysisDays(multiple teams interacting)Self-Service(on Developers schedule)DAST Scanning&False Positive AnalysisDays(multiple teams interacting)Self-Service(on Developers schedule)Pen TestingWeeksNear Real-TimeInfra Fixe

5、sMultiple sprints(multiple teams interacting)Branch with fixes ready(on Developers schedule)#SECTORCA BlackHatEventsCustom DevOps Security ApproachSecurity Requirements(ArcBot)Developers Advisor(AppSecBot)Security Test Lifecycle(PenBot)Secure Prod(Gating)Visibility(AppNav)Business(Requirements)Use C

6、ases Threat ModelsDevelopment(Continuous Integration)Repo,Artifacts SAST,SCATest(Continuous Delivery)Testing URL DAST,API Pen TestOperations(Production)Infrastructure&production systems Bug Bounty#SECTORCA BlackHatEventsDevelopment PrioritizationFunctional Requirements GatheringNon-Functional Requir

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(在不增加安全人员数量的情况下扩展应用安全计划.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠