SlideShare a Scribd company logo

Security Operations

A
ankitmehta21
TechnologyBusiness
1 of 32
Software Security Initiative James Walden Northern Kentucky University
Topics ,[object Object],[object Object],[object Object]
Software Security Practices ,[object Object],[object Object],[object Object],Security Operations Requirements Design Coding Testing Maintenance Risk Analysis Abuse Cases Code Reviews + Static Analysis Penetration Testing Security Testing ,[object Object],[object Object],[object Object]
Security Operations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Code Deployment ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Web Application Firewalls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Modes of Operation ,[object Object],[object Object],[object Object],[object Object]
Modes of Operation Bridge or Router Embedded Reverse Proxy
SSL ,[object Object],[object Object],[object Object]
Traffic Blocking ,[object Object],[object Object],[object Object]
Traffic Blocking ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Canonicalization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Signatures and Rules ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI Maturity Model ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using the Maturity Model ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Software Security Framework ,[object Object],[object Object],[object Object],[object Object]
Software Security Framework
Practices and Business Goals
Strategy and Metrics
Compliance and Policy
Training
Attack Models
Security Features and Design
Standards and Requirements
Architecture Analysis
Code Review
Security Testing
Penetration Testing
Software Environment
Configuration Management
Ten Core Activities Everyone Does
References ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkMark Jayson Fuentes
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application FirewallPort80 Software
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewallsEnclaveSecurity
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations CenterAlert Logic
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 

Recommended

A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkMark Jayson Fuentes
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application FirewallPort80 Software
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewallsEnclaveSecurity
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations CenterAlert Logic
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Cybersecurity Education and Research Centre
 
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureAlert Logic
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Sophos Benelux
 
Web Application Firewall intro
Web Application Firewall introWeb Application Firewall intro
Web Application Firewall introRich Helton
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Jannis Kirschner
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWebsecurify
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Jeff Suratt
 
The Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxThe Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxCheckmarx
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Alert Logic
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeDigital Defense Inc
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding PracticesThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Brief on my skill sets
Brief on my skill setsBrief on my skill sets
Brief on my skill setsSharda S. Khati
 
Inspirational Quotations from Movies
Inspirational Quotations from MoviesInspirational Quotations from Movies
Inspirational Quotations from Moviesankitmehta21
 
Propositie masterproef
Propositie masterproefPropositie masterproef
Propositie masterproefDimitri Léonard
 

More Related Content

What's hot

Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureAlert Logic
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Sophos Benelux
 
Web Application Firewall intro
Web Application Firewall introWeb Application Firewall intro
Web Application Firewall introRich Helton
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Jannis Kirschner
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWebsecurify
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Jeff Suratt
 
The Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxThe Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxCheckmarx
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Alert Logic
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeDigital Defense Inc
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 

What's hot (20)

Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas Azure
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
 
Web Application Firewall intro
Web Application Firewall introWeb Application Firewall intro
Web Application Firewall intro
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing Methodology
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers 
 
The Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxThe Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's Toolbox
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding Practices
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Brief on my skill sets
Brief on my skill setsBrief on my skill sets
Brief on my skill sets
 

Viewers also liked

Inspirational Quotations from Movies
Inspirational Quotations from MoviesInspirational Quotations from Movies
Inspirational Quotations from Moviesankitmehta21
 
Motivational quotes
Motivational quotesMotivational quotes
Motivational quotesankitmehta21
 
Linux – getting started
Linux – getting startedLinux – getting started
Linux – getting startedankitmehta21
 
Elissa and Jeff 4
Elissa and Jeff 4Elissa and Jeff 4
Elissa and Jeff 4StevenCohen
 
Testingfor Sw Security
Testingfor Sw SecurityTestingfor Sw Security
Testingfor Sw Securityankitmehta21
 
Instant Single Sign-On and Two-Factor Authentication
Instant Single Sign-On and Two-Factor AuthenticationInstant Single Sign-On and Two-Factor Authentication
Instant Single Sign-On and Two-Factor AuthenticationMaarten Ectors
 
Energy Optimized Link Selection Algorithm for Mobile Cloud Computing
Energy Optimized Link Selection Algorithm for Mobile Cloud ComputingEnergy Optimized Link Selection Algorithm for Mobile Cloud Computing
Energy Optimized Link Selection Algorithm for Mobile Cloud ComputingEswar Publications
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
Mobile Two Factor Authentication
Mobile Two Factor AuthenticationMobile Two Factor Authentication
Mobile Two Factor AuthenticationCarter Rabasa
 
Security and Authentication at a Low Cost
Security and Authentication at a Low CostSecurity and Authentication at a Low Cost
Security and Authentication at a Low CostDonald Malloy
 
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare GarlatiAPPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare GarlatiMasha Geller
 
Updating Security Operations for the Cloud
Updating Security Operations for the CloudUpdating Security Operations for the Cloud
Updating Security Operations for the CloudAmazon Web Services
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...
2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...
2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...IEEEFINALYEARSTUDENTSPROJECTS
 
Disseminating Traffic Information in Vehicular Networks
Disseminating Traffic Information in Vehicular NetworksDisseminating Traffic Information in Vehicular Networks
Disseminating Traffic Information in Vehicular NetworksEswar Publications
 
Exam II Review Session Information Security 365/765
Exam II Review Session Information Security 365/765Exam II Review Session Information Security 365/765
Exam II Review Session Information Security 365/765Nicholas Davis
 

Viewers also liked (20)

Inspirational Quotations from Movies
Inspirational Quotations from MoviesInspirational Quotations from Movies
Inspirational Quotations from Movies
 
Propositie masterproef
Propositie masterproefPropositie masterproef
Propositie masterproef
 
Motivational quotes
Motivational quotesMotivational quotes
Motivational quotes
 
Linux – getting started
Linux – getting startedLinux – getting started
Linux – getting started
 
Elissa and Jeff 4
Elissa and Jeff 4Elissa and Jeff 4
Elissa and Jeff 4
 
Godraj solutions
Godraj solutionsGodraj solutions
Godraj solutions
 
Elissa & Jeff 2
Elissa & Jeff 2Elissa & Jeff 2
Elissa & Jeff 2
 
Testingfor Sw Security
Testingfor Sw SecurityTestingfor Sw Security
Testingfor Sw Security
 
Unix Training - 1
Unix Training - 1Unix Training - 1
Unix Training - 1
 
Instant Single Sign-On and Two-Factor Authentication
Instant Single Sign-On and Two-Factor AuthenticationInstant Single Sign-On and Two-Factor Authentication
Instant Single Sign-On and Two-Factor Authentication
 
Energy Optimized Link Selection Algorithm for Mobile Cloud Computing
Energy Optimized Link Selection Algorithm for Mobile Cloud ComputingEnergy Optimized Link Selection Algorithm for Mobile Cloud Computing
Energy Optimized Link Selection Algorithm for Mobile Cloud Computing
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
Mobile Two Factor Authentication
Mobile Two Factor AuthenticationMobile Two Factor Authentication
Mobile Two Factor Authentication
 
Security and Authentication at a Low Cost
Security and Authentication at a Low CostSecurity and Authentication at a Low Cost
Security and Authentication at a Low Cost
 
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare GarlatiAPPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati
 
Updating Security Operations for the Cloud
Updating Security Operations for the CloudUpdating Security Operations for the Cloud
Updating Security Operations for the Cloud
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...
2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...
2014 IEEE DOTNET MOBILE COMPUTING PROJECT A qos-oriented-distributed-routing-...
 
Disseminating Traffic Information in Vehicular Networks
Disseminating Traffic Information in Vehicular NetworksDisseminating Traffic Information in Vehicular Networks
Disseminating Traffic Information in Vehicular Networks
 
Exam II Review Session Information Security 365/765
Exam II Review Session Information Security 365/765Exam II Review Session Information Security 365/765
Exam II Review Session Information Security 365/765
 

Similar to Security Operations

2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...Neil Matatall
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsBen Rothke
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating securityJohn Staveley
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson
 
Using Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security ProblemsUsing Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security Problemskiansahafi
 
00. introduction to app sec v3
00. introduction to app sec v300. introduction to app sec v3
00. introduction to app sec v3Eoin Keary
 
EISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityEISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityLarry Ball
 
Web Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future MusingsWeb Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future MusingsPort80 Software
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09technext1
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From MalwareRishu Mehra
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developersJohn Ombagi
 
Bank One App Sec Training
Bank One App Sec TrainingBank One App Sec Training
Bank One App Sec TrainingMike Spaulding
 

Similar to Security Operations (20)

2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App Security
 
Web Access Firewall
Web Access FirewallWeb Access Firewall
Web Access Firewall
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
 
Cloud computingsec p3
Cloud computingsec p3Cloud computingsec p3
Cloud computingsec p3
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating security
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016
 
Using Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security ProblemsUsing Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security Problems
 
00. introduction to app sec v3
00. introduction to app sec v300. introduction to app sec v3
00. introduction to app sec v3
 
EISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityEISA Considerations for Web Application Security
EISA Considerations for Web Application Security
 
Web Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future MusingsWeb Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future Musings
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developers
 
Bank One App Sec Training
Bank One App Sec TrainingBank One App Sec Training
Bank One App Sec Training
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 

Recently uploaded

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Recently uploaded (20)

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Security Operations

Editor's Notes

  1. Figure from BSI-MM
  2. Figure from BSI-MM
  3. Figure from BSI-MM
  4. Figure from BSI-MM
  5. Figure from BSI-MM
  6. Figure from BSI-MM
  7. Figure from BSI-MM
  8. Figure from BSI-MM
  9. Figure from BSI-MM
  10. Figure from BSI-MM
  11. Figure from BSI-MM
  12. Figure from BSI-MM
  13. Figure from BSI-MM
  14. Figure from BSI-MM
  15. Figure from BSI-MM Does not include activities from every practice.