Monitoring Application Attack Surface and Integrating Security into DevOps - AppSecUSA 2017

I1yzjXC7gzE/default.jpg

Monitoring Application Attack Surface and Integrating Security into DevOps Pipelines

A web application’s attack surface is the combination of URLs it will respond to as well as the inputs to those URLs that can change the behavior of the application. Understanding an application’s attack surface is critical to being able to provide sufficient security test coverage, and by watching an application’s attack surface change over time security and development teams can help target and optimize testing activities. This presentation looks at methods of calculating web application attack surface and tracking the evolution of attack surface over time. In addition, it looks at metrics and thresholds that can be used to craft policies for integrating different testing activities into Continuous Integration / Continuous Delivery (CI/CD) pipelines for teams integrating security into their DevOps practices.


Dan Cornell
CTO, Denim Group
A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team.

-

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...



I1yzjXC7gzE/default.jpg
Monitoring Application Attack Surface and Integrating Security into DevOps - AppSecUSA 2017 Monitoring Application Attack Surface and Integrating Security into DevOps - AppSecUSA 2017 Reviewed by Unknown on January 12, 2018 Rating: 5