Vulnerability management in DevSecOps: Easy Concept But Harder To Execute

Vulnerability Risk Management is certainly one of the most critical security processes in any company. Attacks on applications and systems can be divided into two categories: exploiting one or more vulnerabilities, or exploiting a human, typically by social engineering. Most sophisticated attacks use a combination of the two. To defend against the former, organisations have developed processes to detect, analyse and remediate vulnerabilities. The key question any organisation should ask when planning DevSecOps, in the scope of vulnerability management, is whether any of its existing processes need to change, and by how much. The talk will explain a best-practice process built in a traditional organisation and then dissect individual areas from the viewpoint of DevSecOps. Prepare to challenge and be challenged while discussing this boring yet critical subject.

Published in: Technology

  1. VULNERABILITY MANAGEMENT IN DEVSECOPS: EASY CONCEPT BUT HARDER TO EXECUTE?
  3. HTTPS://VLADIMIR.JIRASEK.EU
  5. Process diagram (text labels recovered from the slide):
       • Asset discovery: Reconciliation between scanned and known hosts. Asset criticality.
       • Vulnerability scanning: Authenticated and agent scanning where possible
       • Triage (Analysis): Automated analysis of each vulnerability, threat context – threat actors, exploitability
       • Action (Patch, Reconfigure, Monitoring): Implementing corrective actions and increasing monitoring
       • Other boxes: Vulnerabilities, CMDB, Reporting, Threat intelligence & existing controls
       • Other labels: Incident and change requests, Determine criticality, Vulnerability posture
