You've been tasked with boosting the security of your companies main application. An application penetration test report has just come back and it's got quite a few findings across the spectrum from some critical findings all the way down to informational findings. Where do you start? What items should be fixed first? In this session, we'll talk about how to prioritize injecting security into the SDLC and what a penetration test can tell you about your current process, and where your weaknesses truly are.
This session hopes to show that while fixing vulnerabilities in a penetration test report is important, it's also important to: - Step back and find the root cause of a vulnerability - Identify areas of the SDLC that need to be addressed - Ensure the same vulnerability does not occur again