Description: In this video Dan Cornell, head of the Denim Group's application security research team, talks about vulnerability management. He discusses why it is necessary not only to find vulnerabilities but also to fix them before they get exploited. He then describes the various steps involved in vulnerability management, such as using SSL and doing code reviews, and gives a brief overview of the overall vulnerability management process. Moving on, he talks about defect management: identifying the defect present in the code and then verifying it. He also discusses why it is difficult to provide vulnerability management for application-level vulnerabilities: a pentester may know how to identify the vulnerabilities but may not know how to fix them. He then talks about a plugin called Defect Logger that can be used with AppScan to send defects to the defect tracking system so that the appropriate fix can be obtained for each particular defect. He explains why it is necessary to calculate the risk involved in each vulnerability and to estimate the effort required to fix it, and describes the various steps involved in estimating technical and logical vulnerabilities. He finishes with examples from some case studies, and the presentation ends with a short Q&A session.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.