Playbook Round Table - Measuring your security program against 2018's application attacks
- 3. Common Challenges
• OSS and 3rd-party risks
• Shadow IT: online applications unknown to the security team (1st and 3rd party)
• Resource augmentation (internal and external)
• Serialization in Appsec
• Handling privacy
• Secure architecture
- 11. Creating Appsec Program Architecture
• Protect
• RASP
• Secure Software Development, Patching/Fixing
• Infra hardening
• WAF
• PCI DSS, live systems that cannot be patched easily, WAF feedback to developers, integration with DAST, integration with SIEM, and SSL offloading
• Application layer DDoS
• Behaviour-based analytics, device and user fingerprinting, multi-stage verification (WAF) and captcha-farm identification
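The "behaviour-based analytics" item above is the kind of control that is easiest to understand from a concrete detector. The following is an added example, not code from the slides: a per-client sliding-window request counter run over constructed web server log lines in Combined Log Format. The addresses (RFC 5737 documentation ranges), timestamps, thresholds and the malformed trailing line are all assumptions made for the example; a production deployment would key on a richer fingerprint than the source IP and feed alerts to the WAF or SIEM mentioned in the same slide.

```python
"""Behaviour-based detection of an application-layer (L7) flood from web server logs.

Added example, not from the original slides: a per-client sliding-window request
counter that flags any source exceeding max_requests within window_seconds.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample traffic in Combined Log Format using RFC 5737 documentation
# addresses (not from the slides). 198.51.100.23 hammers /login with a scripted
# client; 203.0.113.7 is a normal user; the last line is deliberately malformed
# to exercise the error path.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2018:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2018:13:55:40 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
198.51.100.23 - - [10/Oct/2018:13:55:40 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
198.51.100.23 - - [10/Oct/2018:13:55:41 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
198.51.100.23 - - [10/Oct/2018:13:55:41 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
198.51.100.23 - - [10/Oct/2018:13:55:42 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
198.51.100.23 - - [10/Oct/2018:13:55:42 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
198.51.100.23 - - [10/Oct/2018:13:55:43 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
198.51.100.23 - - [10/Oct/2018:13:55:43 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19"
203.0.113.7 - - [10/Oct/2018:13:55:50 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2018:13:56:20 +0000] "GET /account HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
this line is not a valid log entry
"""

# Combined Log Format: host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, path, user_agent), or None if the line is not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return m.group("ip"), ts, m.group("path"), m.group("ua")


def detect_floods(log_text, window_seconds=10, max_requests=5):
    """Scan log lines in arrival order and flag clients whose request count in
    any trailing window of window_seconds exceeds max_requests.

    Returns a dict with:
      peaks   - per-client maximum number of requests seen inside one window
      alerts  - per-client details for clients that crossed the threshold
      skipped - number of lines that did not parse
    The log is assumed to be time-ordered, as a server access log normally is.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = defaultdict(int)
    alerts = {}
    skipped = 0
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            skipped += 1
            continue
        ip, ts, path, ua = parsed
        window = recent[ip]
        window.append(ts)
        # Evict timestamps older than the window; the deque is never empty here
        # because ts itself was just appended.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        count = len(window)
        peaks[ip] = max(peaks[ip], count)
        if count > max_requests and ip not in alerts:
            alerts[ip] = {
                "first_flagged": ts.strftime(TS_FORMAT),
                "path": path,
                "user_agent": ua,
            }
    return {"peaks": dict(peaks), "alerts": alerts, "skipped": skipped}


if __name__ == "__main__":
    for ip, detail in detect_floods(SAMPLE_LOG)["alerts"].items():
        print(f"flood from {ip}: {detail}")
```

With the defaults (more than 5 requests in 10 seconds) the scripted client is flagged on its sixth request while the human user never exceeds one request per window. Raising `max_requests` to 8 clears the alert, which is the tuning trade-off between false positives on legitimate bursts and late detection.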
- 13. Creating Appsec Program Architecture
• Respond/Recovery
• WAF, DDoS, Deception/Honeypots, Bot
• Hot/Backups/Physical
• RASP
• Logging for forensics
• Communication playbook (internal and external)
• Maintaining chain of custody from a legal perspective
• Response playbooks
• BCM/DR
• Deception/Honeypot