Topic
  • 3 replies
  • Latest Post - ‏2010-06-04T12:29:07Z by clay3250
Darrel Rader
9 Posts

Pinned topic Community Site Suggestions

‏2010-05-17T19:00:15Z |
Please let us know of any content/links that should be added or if you have any feedback on how we can make this site better.
 
Click here to return to the Community Home Page (if that is where you came from)
Updated on 2010-06-04T12:29:07Z at 2010-06-04T12:29:07Z by clay3250
  • Sukanya
    1 Post

    Re: Community Site Suggestions

    ‏2010-06-02T13:52:23Z  
     We need to have some kind of structure to organize the demos, discussions and related materials.  I was wondering how we could organize discussion around the following topics?
    1. Application Security Life Cycle management:
      1. Threat modeling
      2. Risk Analysis
      3. Development and testing - iterative process
    2. Application Security coding best practices
    3. Application Security Testing Tools
      1. Black box testing tool - AppScan
        1. Configurations
        2. Using the tool
        3. Reading the report
      2. White box testing tool - Ounce lab product
  • Darrel Rader
    9 Posts

    Re: Community Site Suggestions

    ‏2010-06-03T04:05:51Z  
     Hi Sukanya, thanks for the suggestion. Would it make sense to add these major categories under our learning resources?  Are you also suggesting that we need some additional discussion forums?
  • clay3250
    1 Post

    Re: Community Site Suggestions

    ‏2010-06-04T12:29:07Z  
    Sukanya, 
     
    I have managed several private security discussions among groups, and the direct feedback always made a big difference.   So maybe what you might consider is developing these kinds of security roundtables in your region?  The way I started mine was with the financial and healthcare services organizations, since their need for security is often more pressing and budgets are more readily available. 
     
    As far as roadmaps, I like this application security checklist-outline: 
     
    You can find more details on this checklist here: http://en.wikipedia.org/wiki/Application_security
     
    Best, 
     
    Richard Bryant, CBCP