Vulnerability Writeups: The Magical 5 Minute Formula

▬▬▬▬▬▬ ABSTRACT & BIO 📝 ▬▬▬▬▬▬
Whether you're an elite security researcher or just starting out in security, odds are that you're terrible at effectively explaining vulnerabilities. Sorry, that's just a fact.

It's hard to find security vulnerabilities, but it's really difficult to establish trust, clearly and concisely explain the risk, and compel action all while being great to work with and not bruising any egos.

You have to be a great team player and absolutely resist the urge to blame. Otherwise you'll undermine your entire security program and culture -- which is really the whole point of finding vulnerabilities in the first place.

So, in this talk, I'm going to share the approach I developed over 15 years of consulting with the world’s largest companies. With some practice, you should be able to create a fantastic, compelling vulnerability writeup in less than five minutes.

Of course, you have to really understand the vulnerability first, but that's not what this paper is about. This is about what you do after you find something awesome.

Jeff Williams’ LinkedIn where he publishes articles like this…

A few of Jeff’s upcoming events he is speaking at:

➼Meet him in person at LASCON in Austin, Texas. He has two sessions – Thursday, Oct 28th at 1pm CDT and Friday, Oct 29th at 9am CDT and will be at the Contrast Security booth.

➼Join InfoSec World’s Virtual conference (November 9-10) to hear from Jeff, along with Contrast’s CISO David Lidner and Patrick Spencer, Sr Director of Communications as they discuss and debrief the OWASP Top 10 2021.

➼Hear from Jeff at the Global AppSec US 2021 Virtual Event (Nov 11-12) where he will discuss Security Observability 101: Thinking Inside the Box!

Listeners can expect to learn how to use the free and open-source Java Observability Toolkit (JOT) project to easily create their own powerful runtime instrumentation without coding.

▬▬▬▬▬▬ LINKS🔗 ▬▬▬▬▬▬
A few links from Jeff
The main “How to Vulnerability” article…

Thoughts on the NIST Cybersecurity Executive Order Workshop

Making Security in a Software Factory -- thoughts on the future of application security work…

Re: “I want to become a penetration tester” – how to get started and become an appsec expert
▬▬▬▬▬▬ Producer 🎥 ▬▬▬▬▬▬
▬▬▬▬▬▬ Hosts 🎙️ ▬▬▬▬▬▬
▬▬▬▬▬▬ Connect with Us 👋 ▬▬▬▬▬▬