From the course: Building an Application Security Program
Creating AppSec metrics
- [Tim Chase] Now that we have tested our application, let's take a look at what we have learned and put it together to continue building our application security program. We will start by talking about metrics. Metrics are very important when building out a proper application security program. They help define the success of a program. You can't truly know how well your application security program is doing if you have no way to measure it. So as we're going through and as we're adding tools and processes to your program, we need to define a metric. When you're doing static analysis testing, you need to know what successful SAST testing looks like. When you're doing pen testing, what does successful pen testing look like? How many vulnerabilities are you okay with letting through? What are the remediation timeframes? You use these metrics to perform executive reporting. CISOs, board members, CTOs, CEOs, they all want…
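As an added illustration, not code from the course, here is the kind of per-tool metric the talk calls for: remediation timeframes and vulnerabilities let past their deadline, computed over constructed SAST and pentest findings. The SLA_DAYS values, the Finding structure and the sample data are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed remediation timeframes (days allowed per severity). These are
# example policy values, not numbers from the course.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

@dataclass
class Finding:
    source: str                  # which test produced it: "sast" or "pentest"
    severity: str
    opened: date
    closed: Optional[date] = None  # None means the finding is still open

def days_open(f: Finding, as_of: date) -> int:
    """Age of a finding: until it was closed, or until the reporting date if still open."""
    return ((f.closed or as_of) - f.opened).days

def breached_sla(f: Finding, as_of: date) -> bool:
    """True when the finding stayed open longer than its severity allows."""
    return days_open(f, as_of) > SLA_DAYS[f.severity]

def program_metrics(findings, as_of: date) -> dict:
    """Per-source numbers of the kind that go into an executive summary."""
    out = {}
    for src in sorted({f.source for f in findings}):
        mine = [f for f in findings if f.source == src]
        closed = [f for f in mine if f.closed is not None]
        breached = [f for f in mine if breached_sla(f, as_of)]
        out[src] = {
            "open": len(mine) - len(closed),
            "closed": len(closed),
            "mean_days_to_remediate": (sum(days_open(f, as_of) for f in closed) / len(closed)) if closed else None,
            "within_sla_pct": round(100 * (1 - len(breached) / len(mine)), 1),
            "open_past_sla": sum(1 for f in breached if f.closed is None),
        }
    return out

# Constructed sample findings for the example; reporting date is 2024-03-31.
SAMPLE = [
    Finding("sast", "high", date(2024, 1, 1), date(2024, 1, 20)),      # fixed in 19 days, within 30
    Finding("sast", "critical", date(2024, 1, 5), date(2024, 1, 20)),  # fixed in 15 days, past 7
    Finding("sast", "low", date(2024, 1, 10)),                         # still open, within 180
    Finding("pentest", "high", date(2024, 2, 1)),                      # still open, past 30
    Finding("pentest", "medium", date(2024, 2, 1), date(2024, 2, 15)), # fixed in 14 days
]
AS_OF = date(2024, 3, 31)

if __name__ == "__main__":
    for src, m in program_metrics(SAMPLE, AS_OF).items():
        print(src, m)
```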