The Vulnerability Deluge: How to Dig In @ BSides Nova

About this Talk

Organizations have increased their reliance on digital tools and interfaces, and they are quickly ramping up their security posture as well. 2020 showed that malicious actors haven’t stopped attacking—in fact the attacks have broadened to focus on both direct and indirect targets, such as the supply chain or the people in the organization itself. Diverse and multiple attack surfaces require multiple security testing methodologies: static application security testing (SAST), dynamic application security testing (DAST), runtime application self-protection (RASP), software composition analysis (SCA), penetration testing, threat modeling, bug bounty programs, secure code review, and more. But once an organization holds reports from several of these, it can be deluged with findings that all need to be looked into. How do organizations manage and work through that backlog?

In this session, learn about the ways you can dig into, and dig out from under, the reports coming from a variety of tools. See how different reporting tools help you walk through and understand the security risk the organization currently faces, and discover how the same data can be viewed from different viewpoints and what inferences and assumptions each viewpoint supports. The session also covers the UI side of reporting. A lot of time and effort goes into collecting and analyzing vulnerability information, but little attention is paid to how it is presented; data that is not presented well is not useful. See how both chart design and color affect how data is absorbed and understood. Attendees come away with a much more in-depth understanding of how vulnerability data can be managed, read, and analyzed—and, more importantly, acted upon.

A recording of my presentation at BSides Nova titled “The Vulnerability Deluge: How to Dig In”.