The popular saying, "You can't improve what you can't measure," holds true for application security. In this video, learn useful metrics for measuring the security of your application source code.
- [Instructor] I mentioned earlier in the course that you can't effectively manage your application security efforts without the right measurements. This is where metrics come into play. In order to determine the right metrics for your program, you need to start by identifying your audience. Executives are expected to make strategic decisions about their area of the business and to ensure that the business is both healthy and growing under their leadership. If you're sharing application security testing minutia with your execs, then I hate to break it to you, but you're doing it wrong. Executives want to know the value from your application security testing activity, that it exceeds the cost of that activity. If you're getting your money's worth, great. If you're not, then you should reconsider your approach. Metrics around cost and value really resonate with executives. Execs also want to know if you need them to make a decision. Should you spend more money or less money …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know 1m 17s
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps 3m 18s