You’re tasked with managing and reducing risk across an ever-growing and changing attack surface. The bad guys are looking for innovative ways to take advantage of vulnerabilities in more applications than ever before. This has caused the scope of vulnerability management to grow well past just critical systems to now include both local and on-premises infrastructure, cloud-based and virtualized assets and services, and, most critically, the application layer.
Currently this effort is fragmented, requiring numerous teams and causing most organizations to adopt multiple point solutions. Conversely, attackers aren’t siloed in their approach to exploitation; even basic reconnaissance includes gathering potential points of exploitation across the entire stack.
The next evolution in attack surface management and vulnerability programs must also be an integrated approach where risk is managed and accountability organized around an application AND the associated infrastructure.
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:
- Why Vulnerability Management needs to expand
- Challenges to expanding to include applications and infrastructure
- What MITRE has to say about application security
Nick will then be joined by Devin Krugly, Practice Advisor for the VRM Practice; Garrett Gross, Technical Advisor, Application Security; and Justin Prince, Technical Advisor – Vulnerability Risk Management (VRM), all from Rapid7.
Devin and Justin will discuss why traditional attack surface management programs need to change, including:
- Chipping away at the legacy siloed approach, including methods to initiate change
- Unanticipated benefits of a coordinated program that attacks the full stack from applications to kernel
- Deriving meaningful reporting that supports actionable results
Garrett will then demonstrate how to configure and run a Dynamic Application Security Test (DAST), stepping through the process from facilitating authenticated scans through validating the identified vulnerabilities.
This real-training-for-free event will be jam-packed with technical detail and real-world application. Register today!