from Montel to We're gonna take a step back a little bit, and I call this "What do we do? What are we defending?" So we're gonna look at how we're going to look at vulnerabilities, how we're gonna think about threats, and what kind of tools and processes will be used to defend.
So this is lesson 2.1, a module overview. We're just gonna take a look at the structure.
The outline: look at static versus dynamic analysis. Those are overly complicated words; it just means looking at the source code and then actually analyzing the app. So we'll take a look at the differences between those, take a look at third party libraries, and see and understand why it's so important to look at those and see what's being built into the application and whether those are secure. And along the same line is supply chains, the same type of idea: taking third party applications, third party libraries, entities, external components and combining them into the code that you develop.
We'll look at the security in the web app stack and just kind of go through each one of the components or layers of it. Just take a look at this so we can understand what's being protected and know what kind of tools are needed.
And then finally look at the overview of the Jenkins pipeline. We talked about it in a previous module. This is just a chance to kind of look at the different steps and different components we're going to set up.
So for the learning objectives: take a look at some attack vectors, select controls based on attack vectors, look at the web app stack, differentiate static and dynamic analysis like I mentioned, and then third party libraries. And then we'll take a look at Jenkins.
So the success really is in the details here.
We just need to make sure we're planning out and understanding everything that has to do with DevSecOps before you just start running out and buying tools. We need to understand what we're trying to do.
That's why we need to understand what the attacks are, how we identify effective controls.
Why should you understand the web app stack? All of these parts are necessary for having an effective CA security evaluation system.
So how do you know, again, if you don't even understand what the attack vectors or what the risks are for your organization, how do you even know what tools to be deploying? How should you even be checking it?
We should do a little bit of threat modeling, which is like mapping out some of the tools to the attacks, kind of understanding: what are the specific risks to my organization? Let me take a look at my app, break it up into the components, look at the boundaries that separate them, the data flows, all those parts that make up an effective threat analysis.
So that's a very quick, just a brief overview of the module. So next we'll take a look at static and dynamic analysis.