ES Episode9

From Paul's Security Weekly

This week in the news: no excuses to go phish yourself, a services vendor helps you identify risk, the #1 privileged identity management solution (according to some), and a huge blow to the endpoint security agent market. And we'll talk about how to secure your SDLC. All that and more, so stay tuned!

News

Securing The SDLC

Here is Paul's 5-step process for a secure SDLC:

  1. Do threat modeling; train the architects, developers and security team in the process
  2. Do static analysis; train the developers to fix vulnerabilities as they go
  3. Do dynamic analysis; train the QA team to find vulnerabilities
  4. Do RASP (Runtime Application Self-Protection); train software to protect your application
  5. Do external third-party application penetration tests