Name: Threat Modeling Unleashed: Part 1
Start: 2023-07-17T16:06:00Z
End: 2023-07-17T16:06:54.000Z
Location: BrightTALK
Rating: 0

Security Journey offers robust application security education tools to help developers and the entire SDLC team recognize and understand vulnerabilities and threats and proactively mitigate these risks. The knowledge learners acquire in our programs goes beyond helping learners code more securely – it turns everyone in the SDLC into security champions. 

We are currently in an application security dilemma that stems from growing security concerns, pressure on development teams, and a lack of structured security training. This dilemma is affecting organizations and is why application security has not improved over the last decade. 

Let's take a look at some stats: 
- Recent studies show 210% new vulnerabilities per year in the National Vulnerability Database 
- 92% of developers feel pressure to release code to market faster 
- Top 50 US university coding programs currently don't require their students to take secure coding courses  

In this video, Amy Baker from Security Journey will review the business impact of an application security risk, the cost of secure coding training, and show how you can calculate the ROI of secure coding training.

Measuring the ROI of Secure Coding Training

Today, 0 of the top 50 undergraduate computer science programs require a course in application security.  In many organizations, developers have little training beyond basic security awareness around the OWASP Top 10. 

In this webinar, we will discuss why code security is important and how to implement security into your software development life cycle. We will also provide tools, techniques, and best practices to help developers build secure code.

How Are You Solving The Developer Security Knowledge Gap?

This is a shell webinarOWASP released its' peer-approved, final list of the OWASP Top 10 2021 in September. Since it had been many years since they released their list, Chris Romeo and AppSec Engineer,  Michael Burch, discussed and broke down the OWASP Top 10 2021 list for Cyber Security Awareness Month (October 2021). The big question is, what can we really do to turn these top vulnerabilities around? They provided a comprehensive knowledge behind each vulnerability and their opinions on what should be done to make changes.

AppSec Explained: OWASP Edition

Teams across industries struggle to find the right balance between thorough testing and rapid release.

Waiting too long to test in the SDLC may require lengthy and expensive code refactoring. Only testing at the beginning or not enough likely means you're missing critical vulnerabilities. 

Effective and efficient testing strategies require balance throughout the entire SDLC. We've defined a software security testing framework that accomplishes this. 

During this webinar, Michael Burch, Director of Application Security, will: 
1. Discuss the benefits of a balanced testing framework
2. Define Software Security Testing Lifecycle (SWSTL)
3. Outline how SWSTL works with DevSecOps

Keeping The Balance Between Security Testing and Rapid Release

Server-Side Request Forgery (SSRF) attacks make news. We've heard the stories of victim organizations who report data loss and a lot of negative chatter in the news among technical communities. Malicious actors executing this attack can do so because we create trust relationships between software and systems based on security assumptions.

Mitigation advice is everywhere - input validation, zero-trust architecture, safe listing - just to name a few. We've built lessons around strategies to combat SSRF. But why are we choosing those?

In this session, you'll learn how attackers abuse trust relationships, identify different types of SSRF attacks and apply appropriate mitigations to secure your environment.

A Deep Dive into SSRF

It is evident that threat modeling significantly minimizes the need to rewrite code due to security vulnerabilities. In Part Two of the threat modeling webinar series, Chris Romeo, AppSec Expert and co-author of the Threat Modeling Manifesto, continues his threat modeling session, focusing on the appropriate approach to address the next steps. You can enhance your threat modeling skills by learning and practicing exercises.

Threat Modeling Unleashed: Part 2

Implementing threat modeling is essential to avoid security bugs and enhance the development process. Chris Romeo, the AppSec Expert and co-author of the Threat Modeling Manifesto, recently hosted a discussion on the benefits of threat modeling, including a live demo of the process. This conversation provides insight into the patterns that support effective threat modeling and highlights its principles and values.

Threat Modeling in Action

If you are a development leader who loathes every call or interaction with the security team, this webinar will help you.

We have industry research to share to improve your secure development strategy, extend an olive branch to the security team, and prove to your developers how valuable they are to you.

This discussion embraces the needs of both the development and security teams to help everyone reach the combined goal of quality, secure software while still hitting your speed-to-market goals with new features.

Don't worry, this solution pays for itself, and we'll show you how.

Development vs. Security: Make It Stop

To prevent the need to fix security bugs, it's important to create an effective threat modeling strategy. You can improve your development lifecycle by learning the scoping and drawing steps of threat modeling. Chris Romeo, AppSec Expert and co-author of the Threat Modeling Manifesto, recently hosted a discussion on the best approach to start threat modeling. Through this conversation, you can learn and practice exercises to enhance your threat modeling abilities.

Threat Modeling Unleashed: Part 1

Developers

SDLC

Security Culture

Threat Modeling

Security Awareness

Application Security

Web Application Security

Secure Code

Secure Development

Secure Coding Training

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Threat Modeling Unleashed: Part 1

Presented by

About this talk

More from this channel