While you may have authority to test the security of internal applications, it's unlikely that you'll be authorized to perform the same hands-on tests of third-party applications. In this video, learn where those testing boundaries lie, as well as how to leverage third-party agreements to collect security testing results.
- [Instructor] Let's face it, cloud computing is the new normal. When companies can solve a business problem with a Software-as-a-Service solution for a fraction of what it would cost to develop that same application in-house, the less expensive option is going to win out more often than not. So how does that impact your offline application security testing activities? While you may have the authority to test the security of internal applications, it's unlikely that you'll be authorized to perform that same hands-on testing of third-party applications. That means that you have to extend more than just your technology beyond the traditional perimeter. You also have to extend your trust. That doesn't mean that you have to trust third parties blindly though. It's okay to trust, but verify. Let me share a quick story from my own personal experience. I performed a penetration test for a very large organization, one with an annual revenue in the billions. …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)