Are you ready for the worst? Application Security Incident Response

Presented at Diana Initiative 2018, Aug. 10, 2018, 5 p.m. (50 minutes)

No matter the size of your IT shop, if the first time you think about the security of the software is during a major incident, it’s not going to go well. I will teach developers and security teams to prepare for, manage, and hopefully prevent, application security incidents. Starting with preparation; do you have a proper application inventory? How do you manage your technology stack? Disaster Recover? Backup strategy? Do you have a WAF? Monitoring? Tools that are at the ready when the s* hits the fan? During an incident; who’s managing the incident? Do you know? What is triage? Who does the investigation? Do you have a “safe” place to do potentially destructive testing? This talk outlines an immediate plan for the audience to get started, with a list of open source tools the security team and/or developers will use to ensure that they are ready, for the worst.

Presenters:

• Tanya Janca - Senior Cloud Developer Advocate at Microsoft
  Tanya Janca is a senior cloud advocate for Microsoft, specializing in application security; evangelizing software security and advocating for developers through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events.  As an ethical hacker, OWASP Project and Chapter Leader, software developer, effective altruist and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.

Links:

• https://dianainitiative2018.busyconf.com/schedule#activity_5ad4f79faf8b4041cb0001ae

Similar Presentations:

• GrrCON 2018 / Structuring your incident response could be one of the most important things you do to bolster Security
• BSidesSF 2019 / How to Orchestrate a Cyber Security Incident Tabletop Exercise
• Wild West Hackin' Fest 2019 / Incident Response is HARRRRRD… but it doesn’t have to be