Friday Jun 25, 2021

#35 - Setting Up an Application Security Program

On this episode of CISO Tradecraft, you can learn how to build an Application Security program.

  1.  Start with Key Questions for
    • Security
    • IT Operations
    • Application Development/Engineering Groups
  2. Identify Key Activities
    • Asset Discovery
    • Asset Risk Prioritization
    • Mapping Assets Against Compliance Requirements
    • Setting up a Communications Plan
  3. Perform Application Security Testing Activities
    • SAST
    • DAST
    • Vulnerability Scanners
    • Software Composition Analysis
    • Secrets Scanning
    • Cloud Security Scanning
  4. Measure and Improve Current Vulnerability Posture through metrics
    • The number of vulnerabilities present in an application
    • The time to fix vulnerabilities
    • The remediation rate of vulnerabilities
    • The time vulnerabilities remain open
    • Defect Density - number of vulnerabilities per server

We also recommend reading the Microsoft Security Developer Life Cycle Practices Link

For more great ideas on setting up an application security program please read this amazing guide from WhiteHat Security Link

If you would like to improve cloud security scanning by automating Infrastructure as Code checks, then please check out Indeni CloudRail Link

Comments (0)

To leave or reply to comments, please download free Podbean or

No Comments

Copyright 2024 All rights reserved.

Podcast Powered By Podbean

Version: 20241125