From Dev to Security, by Rey Bango (@reybango). PowerPoint presentation.

SLIDE 1

From Dev to Security

Rey Bango (@reybango)

SLIDE 9

AppSec is hard

SLIDE 18

Credit: https://imgur.com/user/PipePistoleer

SLIDE 20

Implicit trust

SLIDE 22

On average, each Web application that Positive Technologies inspected contained 33 vulnerabilities. Of those, six were high-severity flaws, compared to just two the prior year. More than two-thirds of the apps (67%) contained critical vulnerabilities such as insufficient authorization errors, arbitrary file upload, path traversal, and SQL injection flaws.

https://www.darkreading.com/vulnerabilities---threats/web-apps-are-becoming-less-secure/

SLIDE 23

Veracode polled 400 app developers from the UK, US and Germany and found just 52% update these components when a new vulnerability is announced. The research revealed that 83% of respondents use either commercial and/or open source components, with an average of 73 used per application. Some 71 vulnerabilities per application are introduced on average through use of third-party components, with only 23% of respondents claiming they test for bugs in components at every release.

https://www.darkreading.com/vulnerabilities---threats/web-apps-are-becoming-less-secure/

SLIDE 24

Web apps & APIs are the new attack endpoints

SLIDE 25

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

SLIDE 26

Credit: Tanya Janca, Cloud Security Advocate at MSFT

SLIDE 27

Security Champions

SLIDE 36

Practice makes permanent

SLIDE 37

OWASP Juice Shop: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

SLIDE 38

Damn Vulnerable Web Application (DVWA): http://www.dvwa.co.uk

SLIDE 39

OWASP DevSlop Project: https://www.owasp.org/index.php/OWASP_DevSlop_Project

SLIDE 40

Automate Security

SLIDE 41

Credit: WhiteSource.com

SLIDE 44

Build a strong network

SLIDE 45

Tanya Janca @shehackspurple

SLIDE 46

Look for non-traditional talent

SLIDE 47

Do the right thing