In our next webinar, Simon Roe, Product Manager at Outpost24, will discuss how you can create greater and more robust visibility of security within the application development lifecycle.
Creating a sustainable application security program to drive growth
1. Creating a sustainable application security program to drive growth
Simon Roe, Product Manager
July 2019
2. Poll 1: How mature is your application security program?
• Comprehensive program covers nearly all applications
• Some automated tools and processes for critical applications
• We run penetration tests as needed
• We don't have a program
4. State of application security
Why application hacking attacks?
• More applications
• Changing development process
• More cloud deployment
• It’s easy
Source: Verizon, 2019 Data Breach Investigations Report
10. Automate discovery
Proxies for business criticality
Establish ownership
Recurring process
Discover and catalog application assets
11. Apply a ‘risk score’
• What defines risk (or criticality)?
• Different for each organisation but likely based on business impact
• Assess each discovered application against this metric
17. KPIs matter
• Different for different groups
• Security: Risk in terms of vuln criticality
• Board: Risk in terms of fiscal and reputational impact to business
• DevOps: bugs needing fixing
• Build dashboards and reports to meet all interested parties' KPIs
18. Takeaways
Discovery leads to more work
• More than expected
• Manual process to find owners and establish criticality
Scope will evolve
• External exposure is a logical starting point
• But internal apps may be just as much work
Metrics are key
• Essential to stay focused on risk
• Management interest in outcomes of investment
20. Our solution protects your web apps by reducing risk exposure, offering flexibility to fit with your DevOps cycle to meet business goals.
Our tools are best in class and ensure your assets are always protected, leaving you time to make informed business decisions.