#35 - Setting Up an Application Security Program

25/06/2021 41 min Episode 35

Episode Synopsis

On this episode of CISO Tradecraft, you can learn how to build an Application Security program.

1. Start with key questions for:
   - Security
   - IT Operations
   - Application Development/Engineering groups

2. Identify key activities:
   - Asset discovery
   - Asset risk prioritization
   - Mapping assets against compliance requirements
   - Setting up a communications plan

3. Perform application security testing activities:
   - SAST (Static Application Security Testing)
   - DAST (Dynamic Application Security Testing)
   - Vulnerability scanners
   - Software Composition Analysis (SCA)
   - Secrets scanning
   - Cloud security scanning

4. Measure and improve current vulnerability posture through metrics:
   - The number of vulnerabilities present in an application
   - The time to fix vulnerabilities
   - The remediation rate of vulnerabilities
   - The time vulnerabilities remain open
   - Defect density: the number of vulnerabilities per server
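As an added illustration of the metrics listed above (this is example code written for this page, not material from the episode or from CISO Tradecraft), the script below computes each of them from a small set of constructed scanner findings. The application names, server names, severities and dates are all made up; the only assumption about the data model is that each finding records when it was opened and, if remediated, when it was closed.

```python
"""Vulnerability-posture metrics computed from scanner findings.

Added example for this page; the findings below are constructed sample
data, not real results. Each metric corresponds to one bullet in the
episode outline: open count, time to fix, remediation rate, open age and
defect density (vulnerabilities per server)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Finding:
    app: str                     # application the finding belongs to
    server: str                  # host where it was observed
    severity: str
    opened: date                 # date the scanner first reported it
    closed: Optional[date] = None  # None means it is still open


# Constructed sample findings (hypothetical apps and hosts).
FINDINGS = [
    Finding("payments", "web-01", "high", date(2021, 5, 1), date(2021, 5, 11)),
    Finding("payments", "web-01", "medium", date(2021, 5, 3), date(2021, 5, 23)),
    Finding("payments", "web-02", "critical", date(2021, 5, 10)),
    Finding("portal", "app-01", "low", date(2021, 4, 20), date(2021, 5, 5)),
    Finding("portal", "app-01", "high", date(2021, 5, 15)),
    Finding("portal", "app-02", "medium", date(2021, 5, 20)),
]

# Reporting date used for the point-in-time metrics (constructed).
AS_OF = date(2021, 6, 1)


def _is_open(f: Finding, as_of: date) -> bool:
    """A finding is open on a date if it was reported on or before that
    date and either has no closure date or was closed after it."""
    return f.opened <= as_of and (f.closed is None or f.closed > as_of)


def open_count(findings, app: str, as_of: date) -> int:
    """Number of vulnerabilities present in an application on a date."""
    return sum(1 for f in findings if f.app == app and _is_open(f, as_of))


def mean_time_to_fix(findings, app: str) -> Optional[float]:
    """Average days from discovery to closure, over closed findings only.
    Returns None when nothing has been closed yet (no division by zero)."""
    days = [(f.closed - f.opened).days
            for f in findings if f.app == app and f.closed is not None]
    return sum(days) / len(days) if days else None


def remediation_rate(findings, app: str) -> float:
    """Fraction of an application's findings that have been closed."""
    total = [f for f in findings if f.app == app]
    if not total:
        return 0.0
    return sum(1 for f in total if f.closed is not None) / len(total)


def mean_open_age(findings, app: str, as_of: date) -> Optional[float]:
    """Average days the still-open findings have remained open as of a date."""
    ages = [(as_of - f.opened).days
            for f in findings if f.app == app and _is_open(f, as_of)]
    return sum(ages) / len(ages) if ages else None


def defect_density(findings, app: str, as_of: date) -> float:
    """Open vulnerabilities per server for an application."""
    servers = {f.server for f in findings if f.app == app}
    if not servers:
        return 0.0
    return open_count(findings, app, as_of) / len(servers)


def posture_report(findings, as_of: date) -> dict:
    """All five metrics for every application, keyed by application name."""
    apps = sorted({f.app for f in findings})
    return {
        app: {
            "open": open_count(findings, app, as_of),
            "mean_days_to_fix": mean_time_to_fix(findings, app),
            "remediation_rate": remediation_rate(findings, app),
            "mean_open_age_days": mean_open_age(findings, app, as_of),
            "defects_per_server": defect_density(findings, app, as_of),
        }
        for app in apps
    }


if __name__ == "__main__":
    for app, metrics in posture_report(FINDINGS, AS_OF).items():
        print(app, metrics)
```

Tracking these numbers per application over successive reporting dates is what turns a pile of scanner output into a trend: a rising open count with a flat remediation rate points at a team that cannot keep up, while a falling mean open age shows the fix process is actually working.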


We also recommend reading the Microsoft Security Developer Life Cycle practices.
For more great ideas on setting up an application security program, please read the guide from WhiteHat Security.
If you would like to improve cloud security scanning by automating Infrastructure as Code checks, please check out Indeni CloudRail.