Internal Security Meetup


Planning

  • Threat
  • Vulnerability
  • Attack vectors
  • Offending vs. safe code
  • Countermeasure (fixing)
  • Deployment

Target Audience

  • Developers
  • Testers
  • DevOps team
  • Managers (sometimes)

Approach

  • Theory by instructor or web-based training.
  • Hackathons for practical skills.

You can also go topic by topic, alternating theory and practice for each one.

TDD can work well for that: write the security tests first, then write the code to pass them.

Create security buckets, filter out false positives, and incorporate pentesting and static secure code analysis. Share the results back with developers so they can fix the issues and learn from them.

Study showing the cost of discovering mistakes: discovery and fixing come too late and are too costly.

Objectives

  • Learn attack libraries, threat modeling
  • Increase the security awareness and code quality

Measurable outcomes

  • Number of challenges solved (points earned)
  • Reduced number of critical vulnerabilities in the codebase
    • hard to measure

