Slideshows by User: BrianGlas (SlideShare feed, Thu, 09 Aug 2018 14:45:21 GMT)

Wrangling OWASP Top10 data at BSides Pittsburgh PGH
Posted: Thu, 09 Aug 2018 14:45:21 GMT
Link: /slideshow/wrangling-owasp-top10-data-at-bsides-pittsburgh-pgh/109228958
Author: Brian Glas (BrianGlas)
Type: presentation

Gain insight into some of the details of the OWASP Top 10 Call for Data and industry survey, and what we were attempting to learn. Hear about what was learned from collecting and analyzing widely varying industry data and attempts to build a dataset for comparison and analysis. This talk will discuss tips and common pitfalls for structuring vulnerability data and the subsequent analysis. Learn what the data can tell us and what questions are still left unanswered. Uncover some of the differences in collecting metrics in different stages of the software lifecycle and recommendations for handling them.
Great Expectations: A Secure Software Story - Open Source North
Posted: Mon, 25 Jun 2018 20:59:00 GMT
Link: /slideshow/great-expectations-a-secure-software-story-open-source-north/103026313
Author: Brian Glas (BrianGlas)
Type: presentation

Everything we do is based on some expectation of a particular result. Do you know what is expected of you? Are expectations related to security, resiliency, and quality clearly articulated? When writing the story about secure software, expectations are critical, and clearly communicating them is just as critical. Security needs to be intertwined throughout the software development process with clear expectations and measurable goals. When we have a process that only includes security testing at the end of development, right before production, or even after deployment, what's the expectation? Do we honestly expect to be able to test ourselves secure? It hasn't worked for over a decade, so we need to reevaluate what we are doing.
Secure360 May 2018 Lessons Learned from OWASP T10 Datacall
Posted: Tue, 15 May 2018 16:37:14 GMT
Link: /slideshow/secure360-may-2018-lessons-learned-from-owasp-t10-datacall/97185897
Author: Brian Glas (BrianGlas)
Type: presentation

Gain insight into some of the details of the OWASP Top 10 Call for Data and industry survey, and what we were attempting to learn. Hear about what was learned from collecting and analyzing widely varying industry data and attempts to build a dataset for comparison and analysis. This session will provide tips and common pitfalls for structuring vulnerability data and the subsequent analysis. Learn what the data can tell us and what questions are still left unanswered. Uncover some of the differences in collecting metrics in different stages of the software lifecycle and recommendations for handling them.
Owasp SAMM v1.5
Posted: Tue, 14 Mar 2017 15:30:52 GMT
Link: /slideshow/owasp-samm-v15/73137492
Author: Brian Glas (BrianGlas)
Type: presentation

Presentation from SAMM Webinar on March 1, 2017: https://www.youtube.com/watch?v=4pKdwRb8fTI

Needing to build more secure software, but not sure how to get started or what to focus on? The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing an organization.
About the author

Brian has worked in IT for over 20 years and in Information/Application Security for the last decade. He has worked as a full stack dev, application assessor, technical lead, incident responder, anti-malware engineer, application architect, infosec manager, and consultant. Brian has spent the last several years helping clients build AppSec Programs, perform SAMM Assessments, create/update SDLCs, and do other related work. He has worked on the Trustworthy Computing team at Microsoft and is currently working at nVisium as a Managing Consultant. Brian is one of the project leads for, and an active contributor to, SAMM v1.1-2.0.