Community Platform
Interests
  • Consumer applications and technologies
  • JavaScript
  • jQuery
  • JSON
  • more...
This Year
100 Points
Total
1635 Points
MIS Badge

Click here
to validate the recipient

The Future of AppSec

Speaker: Chai Bhat, Product Marketing Manager 

Activity Details: 

  • IT Live Webinar that focuses on the findings of the “Software Vulnerability Snapshot” report published by The Synopsys Cybersecurity Research Center (CyRC): 
        • Latest AppSec trends and challenges
        • Findings from “black box” and “gray box” testing
        •  A brief overview of best practices to address the latest AppSec challenges

What I Learned: 

  • Trends in the AppSec and Cybersecurity industries: 
        • Macro-Level Trends = DevOps Security, Cloud Migration, Risk Management, Software Supply Chain 
        • Micro-Level Trends 
          • BSIMM13 (measures software’s maturity through this framework – ex. Measure activities in cloud security and compare it to your peers in the industry; benchmark), integrating security options into CI/CD pipelines, supply chain disruptions, expand software security beyond apps and products 
          • Software Vulnerability Snapshot 
          • lower risk vulnerabilities can be exploited, third-party libraries often contain dangerous vulnerabilities 
          • A software Bill of Materials (SBOM) is indispensable to manage supply chain risk 
  • Applications remain the most common attach vector:
        • Software vulnerability exploit, Supply Chain/third-party breach, Web Application exploit (SQLi, XSS, RFI), Phishing, etc. 
  • Top Vulnerabilities: 
      • Weak SSL/TLS Configuration, Missing Content-Security-Policy Header, Verbose Server Banner, HTTP Strict Transport Security (HSTS) Not Implemented, Cacheable HTTPS Content, Insecure Content-Security-Policy-Header, Weak Password Policy, etc. 
    • Risk Management: 
      • Automated tests can’t find all vulnerabilities or 100% of the flaws in design, coding and configuration 
      • Optimal risk management requires: design
    • Hackers look for running applications and latest vulnerabilities to compromise your systems 
  • How the activity relates to coursework or your career goals: 
    • I am interested in learning more about Cybersecurity and am excited to take MIS4596 Managing Enterprise Cybersecurity next year. 
Skip to toolbar