Friday Jun 25, 2021
#35 - Setting Up an Application Security Program
On this episode of CISO Tradecraft, you can learn how to build an Application Security program.
- Start with Key Questions for
  - Security
  - IT Operations
  - Application Development/Engineering Groups
- Identify Key Activities
  - Asset Discovery
  - Asset Risk Prioritization
  - Mapping Assets Against Compliance Requirements
  - Setting up a Communications Plan
- Perform Application Security Testing Activities
  - SAST
  - DAST
  - Vulnerability Scanners
  - Software Composition Analysis
  - Secrets Scanning
  - Cloud Security Scanning
- Measure and Improve Current Vulnerability Posture through metrics
  - The number of vulnerabilities present in an application
  - The time to fix vulnerabilities
  - The remediation rate of vulnerabilities
  - The time vulnerabilities remain open
  - Defect Density - number of vulnerabilities per server
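The metrics listed above are easy to name and easy to get wrong, so here is an added example (not from the episode or from CISO Tradecraft) that computes each of them from a small set of constructed scanner findings. It also goes one step past the list by flagging findings that exceed a per-severity fix SLA; the SLA thresholds, the server counts per application and the sample findings are all assumptions made for the example.

```python
"""Compute application-security posture metrics from a list of findings.

Added example; the findings, server counts and SLA values are constructed.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Finding:
    """One vulnerability reported by SAST, DAST, SCA, a pentest, etc."""
    app: str
    severity: str                  # critical / high / medium / low
    opened: date                   # first seen
    closed: Optional[date] = None  # None means the finding is still open


# Constructed sample findings (not real data).
FINDINGS = [
    Finding("payments", "high",     date(2021, 5, 1),  date(2021, 5, 15)),
    Finding("payments", "medium",   date(2021, 5, 10), date(2021, 6, 9)),
    Finding("payments", "low",      date(2021, 6, 1)),
    Finding("portal",   "critical", date(2021, 4, 1),  date(2021, 4, 3)),
    Finding("portal",   "high",     date(2021, 5, 20)),
    Finding("portal",   "medium",   date(2021, 6, 20)),
]

# Assumed number of servers per application, for the per-server density metric.
SERVERS = {"payments": 2, "portal": 5}

# Assumed remediation SLAs in days per severity (not from the episode).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Reporting date for the snapshot; matches the episode date.
AS_OF = date(2021, 6, 25)


def age_days(f: Finding, as_of: date = AS_OF) -> int:
    """Days from discovery to fix, or to the reporting date if still open."""
    return ((f.closed or as_of) - f.opened).days


def open_findings(findings):
    """Findings with no fix recorded."""
    return [f for f in findings if f.closed is None]


def open_count_by_app(findings) -> Counter:
    """Number of open vulnerabilities present in each application."""
    return Counter(f.app for f in open_findings(findings))


def mean_time_to_fix(findings) -> float:
    """Mean days to fix, over findings that have been closed."""
    fixed = [age_days(f) for f in findings if f.closed is not None]
    return mean(fixed) if fixed else 0.0


def remediation_rate(findings) -> float:
    """Fraction of all findings that have been closed."""
    return sum(f.closed is not None for f in findings) / len(findings) if findings else 0.0


def mean_open_age(findings, as_of: date = AS_OF) -> float:
    """Mean days that currently open findings have remained open."""
    ages = [age_days(f, as_of) for f in open_findings(findings)]
    return mean(ages) if ages else 0.0


def defect_density(findings, servers) -> dict:
    """Open vulnerabilities per server, per application."""
    counts = open_count_by_app(findings)
    return {app: counts.get(app, 0) / n for app, n in servers.items()}


def sla_breaches(findings, sla=SLA_DAYS, as_of: date = AS_OF):
    """Findings whose age (open or at close) exceeded the SLA for their severity."""
    return [f for f in findings if age_days(f, as_of) > sla[f.severity]]


if __name__ == "__main__":
    print("open per app:      ", dict(open_count_by_app(FINDINGS)))
    print("mean time to fix:  ", round(mean_time_to_fix(FINDINGS), 1), "days")
    print("remediation rate:  ", remediation_rate(FINDINGS))
    print("mean open age:     ", round(mean_open_age(FINDINGS), 1), "days")
    print("defect density:    ", defect_density(FINDINGS, SERVERS))
    for f in sla_breaches(FINDINGS):
        print("SLA breach:        ", f.app, f.severity, age_days(f), "days")
```

Two details matter in practice: mean time to fix only counts closed findings, so a team that never closes anything looks fast, which is why it must be read next to remediation rate and mean open age; and a finding can be closed yet still breach its SLA, so the breach check uses the age at close rather than only the open set.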
We also recommend reading the Microsoft Security Development Lifecycle (SDL) practices Link
For more great ideas on setting up an application security program please read this amazing guide from WhiteHat Security Link
If you would like to improve cloud security scanning by automating Infrastructure as Code checks, then please check out Indeni CloudRail Link