The growth in security threats has overwhelmed organizations. All too frequently, security teams are forced to prioritize compliance-related checkboxes, as opposed to work that makes a real dent in their organization’s security. Since few teams can afford to simply expand their teams to keep up — they must take a new approach to evaluating and prioritizing threats. This talk presents a counterintuitive approach to strengthening security: one that ignores over 90% of security vulnerability alerts. Using specific examples, it illustrates how organizations can ignore alerts with high confidence, and how this enables a marked shift in security workflows and behavior, thus significantly improving security posture.

Designed for private and public sector infosec professionals, the two-day OWASP conference equips developers, defenders, and advocates to build a more secure web. We are offering educational 2-day training courses on February 13-14 followed by the conference and exhibition days February 15-16.

When is a vulnerability not a vulnerability? Overcoming the inundation of noisy security alerts

Conference: Global AppSec Dublin 2023

Authors: Adam Berman

Abstract

Post a comment

Related work