BSides Bristol 2024

Security automation: Look at your vulnerabilities in the eyes
Track 2

It takes an average of 212 days to detect a security flaw. Demystify security flaws by seeing them as defects whose root cause needs to be identified. Using automation tools and QRQC, a Lean Methodology tool, you will see how to track vulnerabilities, correct them and avoid their reappearance.


It takes an average of 212 days to detect a security flaw. And at least 50% of websites contain a critical vulnerability. You may be one of them.

Security flaws are often ignored because developers don't know they exist and don't want to deal with them. We're afraid of them without daring to look them in the face. A small penetration test reassures us for a while. But have the pentesters been able to analyse all the code? And are we sure that the flaws reported won't come back tomorrow?

I aim to demystify security flaws by seeing them as defects whose root cause needs to be identified. Like a QA (Quality Assurance) tester, the cybersecurity expert checks daily for newly introduced flaws.
I'm showing the use of Dantotsu, also called QRQC (Quick Response Quality Control), a Lean methodology tool for analysing why a defect was introduced and how it reached production.

At the end of this talk, you'll have a method for detecting and eradicating vulnerabilities in your projects, with key takeaways:

  • Some cybersecurity automation tools
  • How to use them
  • A Lean tool to better analyse your vulnerabilities and implement sustainable countermeasures

Marine du Mesnil is Head of the Cybersecurity Tribe @Theodo. She is involved in the Theodo Security Guild, helping developers to create compliant products by training them and participating in various projects.

She follows OWASP publications and is particularly interested in access control, which has become the main cause of website vulnerabilities and now ranks first in the new OWASP Top 10.

@marine_mesnil