ASW #193 - AppSec (& adjacent) Metrics
ASW #193 - AppSec (& adjacent) Metrics

ASW #193 - AppSec (& adjacent) Metrics

๐”ธ๐•ฉ๐•Ÿ๐•š๐•ช๐•’>33

77 min
News
Play

Description

<p>We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them? In the AppSec News: OAuth tokens compromised, five flaws in a medical robot, lessons from ASN.1 parsing, XSS and bad UX, proactive security & engineering culture at Chime!</p> <p>ย </p> <p>Show Notes: <a href= "https://securityweekly.com/asw193">https://securityweekly.com/asw193</a></p> <p>Segment resources:</p> <p>- <a href= "https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics"> https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics</a></p> <p>- <a href= "https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance"> https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance</a></p> <p>ย </p> <p>Visit <a href= "https://www.securityweekly.com/asw">https://www.securityweekly.com/asw</a> for all the latest episodes!</p> <p>Follow us on Twitter: <a href= "https://www.twitter.com/securityweekly">https://www.twitter.com/securityweekly</a></p> <p>Like us on Facebook: <a href= "https://www.facebook.com/secweekly">https://www.facebook.com/secweekly</a></p>

Uploader

JoanneHill

JoanneHill

ASW #193 - AppSec (& adjacent) Metrics - Listen Free | WowFM