ViewTube

ViewTube
Sign inSign up
Skip

Recommended videos

OWASP Foundation
OWASP Low-Code No-Code Top 10
36:22
OWASP Low-Code No-Code Top 10

224 views

3 months ago

Fireship
Best OS for programming? Mac vs Windows vs Linux debate settled
8:41
Best OS for programming? Mac vs Windows vs Linux debate settled

270,206 views

9 hours ago

NetworkChuck
the Linux File System explained in 1,233 seconds // Linux for Hackers // EP 2
20:33
the Linux File System explained in 1,233 seconds // Linux for Hackers // EP 2

2,064,437 views

3 years ago

OWASP Foundation
Cutting to the chase: Security Design and Guidance at scale
30:50
Cutting to the chase: Security Design and Guidance at scale

1,075 views

3 months ago

Show more

AppSec Threats Deserve Their Own Incident Response Plan

93 views

0

Channel image

OWASP Foundation

63.9K subscribers

Tue, 30 Jan 2024 00:00:00 GMT
Share

Tags

owasp

appsec

Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/ef/Global%20AppSec%202023%20-%20Fixing%20Broken%20Access%20Control%20-%20Final.pptx We've been hearing a lot about software supply chain attacks over the last two years, and with good reason. The cybersecurity ecosystem and industry at large have been inundated with warnings about this attack vector, with high-profile attacks leading to a stark increase in vendor solutions, and government regulations keep trying to catch up. Yet despite the popularity of AppSec-related incidents, our research has shown that most organizations do not have an incident response plan in place specifically for these attacks. Others that do have an IR playbook, often prepare to respond to infra-related attacks such as ransomware, rather than attacks based on application channels. Given the prevalence of these attacks, this presentation will focus on software supply chain incident response. It will include a quick response playbook, trends, and characteristics that make AppSec incident response deserving of its own plan. Omer Yaron Snyk Security Researcher Omer Yaron is a security researcher at Snyk, formerly the Head of Research at Enso Security. Omer has practical experience in securing scale cloud-computing and serverless environments from complex authorization architecture design to monitoring and incident response. Furthermore, working at the Israel National Cyber Directorate, Omer took an active role in incident response and digital forensics of nation-level cyber-attacks across large organizations. He also developed certifying courses and methodologies for incident response and triage procedures for the Israeli Cyber Emergency Response Team SOC. Working at the content core team of Magshimim, Israel's national cybersecurity youth training program, in conjunction with the Ministry of Defence, IDF, and National Cyber Directorate he created cyber-related content and syllabus for exceptional youth in the fields of computer science. He is a well-known speaker on AppSec and Supply Chain Security-related topics, including at RSAC, OWASP, and more. Omer holds a BA in Philosophy and Business Management. Managed by the OWASP® Foundation https://owasp.org/

0 Comments