Raleigh ISSA Slides Online for Skeletons in the Closet: Securing Inherited Applications

February 3, 2011
Dan Cornell

I gave a presentation to the Raleigh ISSA chapter this evening titled “Skeletons in the Closet: Securing Inherited Applications.” 

The slide deck is online here:

The main points we covered were:

  • You need to develop a listing of the applications in your portfolio. You can’t protect what you don’t know about.
  • These applications need to be risk-ranked so that you can prioritize software assurance activities. If everything is equally important then nothing is actually important so you have to have a framework for making tradeoffs.
  • Once you have these things you can start to have “grown up” conversations with executives about managing software risk.

This is very similar to a talk I gave at OWASP DC 2010 titled “Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers.” You can see video of that presentation online here.

Contact us for help dealing with your skeletons in the closet and email me if you would like a copy of the example Excel spreadsheet discussed during the presentation.

–Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group’s Posterous

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *