Slideshows by User: Cigital
SlideShare feed for Slideshows by User: Cigital (Thu, 30 Mar 2017 02:32:28 GMT)

7 Lessons Learned From BSIMM
/slideshow/7-lessonslearnedfrombsimmsynopsys/73921880
Thu, 30 Mar 2017 02:32:28 GMT
The BSIMM is a study of existing software security initiatives. By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variation that makes each unique. BSIMM is not a how-to guide, nor is it a one-size-fits-all prescription. Instead, BSIMM is a reflection of software security. Here are some things we've learned and observed over the years that may help you.

Secure Design: Threat Modeling
/slideshow/secure-design-threat-modeling/67417215
Wed, 19 Oct 2016 16:14:08 GMT
Why are code reviews and penetration tests not enough to secure your organization's software? This presentation explores the importance of threat modeling in the security journey.

Getting Executive Support for a Software Security Program
/slideshow/getting-executive-support-for-a-software-security-program/67411956
Wed, 19 Oct 2016 14:32:44 GMT
Software security is one of many competing priorities within your organization. How do you get the attention and budget you need? This presentation walks you through ways to build executive support.

Handle With Care: You Have My VA Report!
/slideshow/handle-with-care-you-have-my-va-report/67179665
Fri, 14 Oct 2016 13:51:37 GMT
Does your organization rely heavily on vendor applications for streamlining your processes? Do you wonder what threats your data is exposed to when it's handled by these applications? The following discussion acts as a guideline for organizations to follow while reaching a consensus on application assessments and findings.

Can You Really Automate Yourself Secure
/slideshow/can-you-really-automate-yourself-secure/67091503
Wed, 12 Oct 2016 21:33:51 GMT
Much attention has been given to the need for increased automation in security, given the sheer volume of attackers and attacks, the overload of information that security pros must wrangle, and the continued high demand for security expertise. But can automation solve all of security's most serious problems? If not, why not? Will there always be a need for human involvement? These slides were used in a live webcast featuring 451 Research Information Security Research Director Scott Crawford and Cigital Managing Principal Nabil Hannan. You can watch this and other webcasts by visiting https://www.cigital.com/resources/.

How to Choose the Right Security Training for You
/slideshow/how-to-choose-the-right-security-training-for-you/65993781
Tue, 13 Sep 2016 21:53:40 GMT
There aren't enough security experts to fill the more than 1 million open cybersecurity jobs. If you're lucky enough to have the security staff, it's important to keep them motivated and learning; to do that you need to know what options are open to you. We'll take a dive into training options so you can pick what's right for your staff and your organization.

6 Most Common Threat Modeling Misconceptions
/slideshow/6-most-common-threat-modeling-misconceptions/64699756
Thu, 04 Aug 2016 14:05:20 GMT
There are some very common misconceptions that can cause firms to lose their grip around the threat modeling process. This presentation shines a bright light onto the essentials and helps to get your bearings straight with all things related to threat modeling.

Video Game Security
/slideshow/video-game-security/64485330
Thu, 28 Jul 2016 17:42:26 GMT
This presentation from AppSec 2016 covers video game security and hacking video games, including how to analyze your business risk, common attacks and protection, and specific tactics to lower your risk.

Get Your Board to Say "Yes" to a BSIMM Assessment
/slideshow/get-your-board-to-say-yes-to-a-bsimm-assessment/64452195
Wed, 27 Jul 2016 21:09:41 GMT
Not everyone understands why benchmarking is important or how it can help set the course for the future. If you're having trouble convincing your executive team why this matters, take a look at our slides "Get Your Board to Say Yes to a BSIMM Assessment" for guidance on what to share and how to share it.

Software Security Metrics
/slideshow/software-security-metrics/64037617
Thu, 14 Jul 2016 19:28:35 GMT
More often than not, company executives ask the wrong questions about software security. This session will discuss techniques for changing the conversation about software security in order to encourage executives to ask the right questions and provide answers that show progress towards meaningful objectives. Caroline will discuss a progression of software security capabilities and the metrics that correspond to different levels of maturity. She'll discuss an approach for developing key metrics for your unique software security program and walk through a detailed example.

Software Security Initiative Capabilities: Where Do I Begin?
/slideshow/software-security-initiative-capabilities-where-do-i-begin/63308734
Tue, 21 Jun 2016 20:03:16 GMT
Where to begin your software security initiative, including defect discovery, secure SDLC, vendor management and more.

Static Analysis Tools and Frameworks: Overcoming a Dangerous Blind Spot
/slideshow/static-analysis-tools-and-frameworks-overcoming-a-dangerous-blind-spot/63103165
Wed, 15 Jun 2016 16:22:04 GMT
More and more organizations are using static analysis tools to find security bugs and other quality issues in software long before the code is tested and released. This is a good thing, and despite their well-known frustrations like high false positive rates and relatively slow speeds, these tools are helping improve the overall security of software. Unfortunately, these known frustrations may also introduce a dangerous blind spot, since these tools do not know modern frameworks as well as they know the base languages. Learn how organizations are often left feeling secure when they're not.

Cyber War, Cyber Peace, Stones, and Glass Houses
/slideshow/cyber-war-cyber-peace-stones-and-glass-houses-62143816/62143816
Wed, 18 May 2016 13:46:16 GMT
Washington has become transfixed by cyber security, and with good reason. Cyber threats cost Americans billions of dollars each year and put U.S. troops at risk. Yet too much of the discussion about cyber security is ill informed, and even sophisticated policymakers struggle to sort hype from reality. As a result, Washington focuses on many of the wrong things. Offense overshadows defense. National security concerns dominate the discussion even though most costs of insecurity are borne by civilians. Meanwhile, effective but technical measures like security engineering and building secure software are overlooked. In my view, cyber security policy must focus on solving the software security problem: fixing the broken stuff. We must refocus our energy on addressing the glass house problem instead of on building faster, more accurate stones to throw.

The Complete Web Application Security Testing Checklist /slideshow/the-complete-web-application-security-testing-checklist/61337692 appsectestingchecklistfinal-160425195426
Did you know that the web is the most common target for application-level attacks? That being said, if you have ever been tasked with securing a web application for one reason or another, then you know its not a simple feat to accomplish. When securing your applications, its critical to take a strategic approach. This web application security testing checklist guides you through the testing process, captures key testing elements, and prevents testing oversights. Tailor your approach and ensure that your testing strategy is as effective, efficient, and timely as possible with these six steps:]]>

Published: Mon, 25 Apr 2016 19:54:26 GMT by Cigital.
SAST vs. DAST: What's the Best Method For Application Security Testing? /slideshow/sast-vs-dast-whats-the-best-method-for-application-security-testing/59333703
High-profile security breaches are leading to heightened organizational security concerns. Firms around the world are now observing the consequences of security breaches that are becoming more widespread and more advanced. Due to this, firms are ready to identify vulnerabilities in their applications and mitigate the risks. Two ways to go about this are static application security testing (SAST) and dynamic application security testing (DAST). These application security testing methodologies are used to find the security vulnerabilities that make your organization's applications susceptible to attack. The two methodologies approach applications very differently. They are most effective at different phases of the software development life cycle (SDLC) and find different types of vulnerabilities. For example, SAST detects critical vulnerabilities such as cross-site scripting (XSS), SQL injection, and buffer overflow earlier in the SDLC. DAST, on the other hand, uses an outside-in penetration testing approach to identify security vulnerabilities while web applications are running. Let us guide you through your application security testing journey with more key differences between SAST and DAST:

Published: Wed, 09 Mar 2016 19:11:28 GMT by Cigital.
The Path to Proactive Application Security /slideshow/the-path-to-proactive-application-security/57478943
Applications support some of the most strategic business processes and access an organization's most sensitive data. These applications, not networks, also contain 92% of reported security vulnerabilities. Yet application security continues to receive less budget and attention than network security. This means security-aware companies must find a cost-effective application security solution to lower application-related security risk without compromising productivity. Not an easy task. Fortunately, there is a way. In this presentation, you'll learn one simple solution to solving six of the most common security hurdles.

Published: Mon, 25 Jan 2016 20:36:08 GMT by Cigital.
BSIMM By The Numbers /slideshow/bsimm-by-the-numbers/55176595
The Building Security In Maturity Model (BSIMM, pronounced "bee simm") is a study of existing software security initiatives. By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variation that makes each unique. We know reports can be boring, which is why we picked out some key facts so you can jump right into the data. https://www.bsimm.com

Published: Mon, 16 Nov 2015 20:26:07 GMT by Cigital.
BSIMM: Bringing Science to Software Security /slideshow/bsimm-bringing-science-to-software-security/54925810
There is an old management adage that says "You can't manage what you don't measure." The Building Security in Maturity Model (BSIMM) applies scientific principles to the field of software security to effectively measure security activities across industries and business units. The BSIMM enables experts like you to discover what exists in the application security universe, how those things work today, how they worked in the past, and how they are likely to work in the future.

Published: Mon, 09 Nov 2015 20:32:39 GMT by Cigital.
BSIMM-V: The Building Security In Maturity Model /slideshow/bsimm-v-new/51356301
Published: Thu, 06 Aug 2015 17:33:58 GMT by Cigital.
5 Models for Enterprise Software Security Management Teams /slideshow/5-models-for-enterprise-software-security-management-teams/50008710
5 models for enterprise software security management teams (SSG Updated PPT)

Published: Tue, 30 Jun 2015 14:35:31 GMT by Cigital.
About Cigital: Cigital is now a part of Synopsys, which offers the most comprehensive portfolio of software security solutions in the market. We go beyond traditional testing services to help our clients identify, remediate, and prevent vulnerabilities in the applications that power their business. Our holistic approach to application security offers a balance of managed and professional services and products tailored to fit your specific needs. We don't stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications. For more information go to https://www.synopsys.com/software.