Episode 24

Using Threat Intelligence to Optimize your AppSecOps Program

Threat intelligence is nothing new, but in the case that leveraging it to improve your application security operations is a novel prospect, we're here to break the ice. Like most things in security, it starts with a few acronyms: NVD (the National Vulnerability Database), which provides a threat feed of CVEs and their corresponding CVSS severity score; and CISA's KEV (Known Exploited Vulnerabilities catalog), offering a more "IRL" picture of application risks. AppSec program builders needing more context than these open source databases provide have the option to go the paid route—recruiting a vendor's help in determining which exploited vulns pose a legitimate threat to their org, and how best to prioritize them.

Resources

Further listening

Understanding AppSec Part 3: Testing Your Code – DAST, Pentesting and Red Teaming

Episode 80

Understanding AppSec Part 2: Getting Your Code to the Cloud – IAC, Container Security, CSPM

Episode 79

Understanding AppSec Part 1: Securing Your Code – SCA and SAST

Episode 78

Scaling AppSec to Secure the Smallest Doors and the Biggest Buildings

Subscribe for updates

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences