SecurityTubeBeta
Watch ... Learn ... Contribute

Vulnerability Management in an Application Security World (OWASP)

 
 

In this video, Dan Cornell, the head of Denim Group's application security research team, talks about vulnerability management. He discusses why it is necessary not only to find vulnerabilities but also to fix them before they get exploited. He then describes the various steps involved in vulnerability management, such as using SSL and doing code reviews, and gives a brief idea of the overall process involved. Moving ahead, he talks about defect management, such as identifying a defect present in the code and then verifying it. He also discusses why it is difficult to provide vulnerability management for application-level vulnerabilities. A pentester may only know how to identify the vulnerabilities but may not know how to fix them. He then talks about a plugin called Defect Logger that can be used with AppScan to send defects to the defect tracking system so as to get the appropriate solution for each particular defect. He explains why it is necessary to calculate the risk involved in each vulnerability and the effort required to fix it. He then covers the various steps involved in estimating technical and logical vulnerabilities. He finishes by giving examples of some case studies, and the presentation ends with a short Q&A session.



 

 

Author
Prateek

Prateek Gianchandani, 20, is a student dedicated to the field of network security. He has organized a number of workshops and hacking events in his college. Learning more and more about network security always keeps him busy. His favourite pastimes include listening to music, reading novels, playing snooker, etc. He is currently doing a B.Tech in electrical engineering at the prestigious Indian Institute of Technology, Roorkee. You can contact him at prateek_gian [-at*] yahoo.co..in

 
©2007 Freak Labs