CISO Trainings , Governance & Risk Management , Next-Generation Technologies & Secure Development

Real-World Application Security: Top 10 Threats

Intuit's Threat Hunting Lead, Shannon Lietz, on Building a Better Red Team
Shannon Lietz, DevSecOps lead at Intuit

As the head of DevSecOps at Intuit, Shannon Lietz says she has a thirst for data to help her better understand how online attackers are gunning for her organization. So she runs honeypots that help track the tactics, techniques and procedures hackers use against Intuit. That enables the company's red team - its own white hat hackers - to help developers secure the company's products and services before outsiders can exploit them.

See Also: Reduce Dwell Time of Advanced Threats With Deception

Along the way, Lietz discovered that the top 10 application security risks facing her organization were markedly different than those described in the industry's benchmark - the OWASP top 10 list of critical web application security risks.

In a video interview at RSA Conference 2018, Lietz discusses:

  • The rise of agile development and DevSecOps;
  • Intuit's approach to threat hunting and red teaming;
  • The real-world application security top 10 identified by Lietz, contrasted with the OWASP top 10.
Slide from Shannon Lietz's presentation on "Exploring the Real-World Application Security Top 10" at the RSA 2018 conference in San Francisco.

Lietz is head of DevSecOps for financial software giant Intuit, where she also leads its threat hunting and red teaming efforts. She also founded the organization known as DevSecOps and regularly speaks on about how to marry agile development with solid information security and vulnerability remediation practices. She regularly speaks at conferences on the topic of DevSecOps, and delivered the keynote speech at OWASP AppSec Europe 2017 (see 13 Hot AppSec Sessions in Belfast, Northern Ireland).


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.