Government agencies continue to see growing cybersecurity challenges. Software Security Assurance (SSA) is a new approach entities are taking to improve security measures in their organizations. Threat assessments are a critical component of SSA: they involve accurately identifying and characterizing potential attacks upon an organization's software in order to better understand the risks and facilitate risk management. By starting with simple threat models and building to more detailed methods of threat analysis, an organization improves over time.
Attend this session to:
Learn about the current threats and attack vectors;
Understand the basics of threat modeling software applications;
Learn best practices for securing your software.
To face the growing cybersecurity challenges, government entities are turning to a new approach to application security: Software Security Assurance (SSA). SSA is a comprehensive discipline that provides a systematic way to secure your software at every phase in the application life cycle. As organizations look to implement Software Security Assurance, open frameworks are used to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. One such framework is the Software Assurance Maturity Model (SAMM).
A critical component of SAMM, threat assessment, involves accurately identifying and characterizing potential attacks upon an organization's software in order to better understand the risks and facilitate risk management. By starting with simple threat models and building to more detailed methods of threat analysis, an organization improves over time.
Fortify invites you to view a webinar on Software Threat Modeling. This webinar will provide you with the knowledge to better understand how to conduct threat modeling within your agency. Join us and learn:
The basics of threat modeling software applications
The meaning of threats, attack vectors, and trust zones
Secure design concepts and ambiguity analysis
Best practices for securing software architecture
Also, attend this webinar and receive a complimentary copy of "Software Assurance Maturity - A Guide to Building Security Into Software Development."
Federal Practice Manager, HP - Fortify Security Solutions
Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security. In recent years, he has led over 30 enterprise security assessments for Federal Government & Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.
An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE.