This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Blue Teaming"


Latest revision as of 20:49, 4 April 2019

<< page in progress >>

Blue Teaming for Developers is a practice in which defenders raise the security posture of their application against a (simulated) team of attackers (often called the Red Team). This page makes the case for Blue Teaming as a practice for Dev teams. In contrast to fixing an application after incident response, under relatively low time pressure, Blue Teaming is a real-time exercise against a (simulated) attacker.


-- Playbook --

The Dev team sees that its application is under attack and tries to defend it as fast as possible. This can entail tuning logging, fixing configuration errors, fixing vulnerabilities in source code or third-party libraries, ...

- priorities

- monitoring

 - is monitoring available? do we log the right data (source IP, authenticated user, request path, status code)? do we have enough context to tell an attack from normal traffic?

- CI/CD solution

  - is the automated build pipeline working, and how quickly can a fix be deployed?

- admin console

 - is there an admin console? can it be used to protect the application/data? or could the attacker use it to shut us out?

- backups

  - are backups available? how do we take a snapshot of the data before it is changed or destroyed?

- containment

   - how can we contain a possible attack (block the source, disable the affected feature, revoke sessions or tokens)?

- procedures

 - do we know how to escalate problems? how to restore backed-up data? how to get Ops to help out?

- suggestions for Ops with regard to hardening, configuration, monitoring, WAF, ....

- the MITRE ATT&CK framework as a catalogue of techniques the simulated attacks can be drawn from and mapped to
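The monitoring and containment questions in the playbook (do we log the right data? do we have enough context? how do we contain an attack?) are easiest to answer with the log in front of you. The Python below is an added example, not code from the original page or from OWASP: it parses a few constructed web-server log lines in the common "combined" format and runs two detections a Dev team can run during the exercise (a sliding-window login brute-force check that also records whether the attacker got in, and a check for scanners probing well-known paths), plus a context check that lists successful logins the log cannot tie to an account. The log format, the thresholds (5 failures in 60 seconds, 2 probed paths), the probe-path list and the IP addresses are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# 203.0.113.9 hammers /login and then gets a 200; 198.51.100.23 probes for
# well-known files; 192.0.2.77 is a legitimate user who mistypes a password once.
SAMPLE_LOG = """\
203.0.113.9 - - [04/Apr/2019:20:40:01 +0000] "POST /login HTTP/1.1" 401 182 "-" "python-requests/2.21"
203.0.113.9 - - [04/Apr/2019:20:40:02 +0000] "POST /login HTTP/1.1" 401 182 "-" "python-requests/2.21"
203.0.113.9 - - [04/Apr/2019:20:40:02 +0000] "POST /login HTTP/1.1" 401 182 "-" "python-requests/2.21"
203.0.113.9 - - [04/Apr/2019:20:40:03 +0000] "POST /login HTTP/1.1" 401 182 "-" "python-requests/2.21"
203.0.113.9 - - [04/Apr/2019:20:40:04 +0000] "POST /login HTTP/1.1" 401 182 "-" "python-requests/2.21"
203.0.113.9 - - [04/Apr/2019:20:40:05 +0000] "POST /login HTTP/1.1" 200 2451 "-" "python-requests/2.21"
198.51.100.23 - - [04/Apr/2019:20:41:10 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 zgrab/0.x"
198.51.100.23 - - [04/Apr/2019:20:41:11 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0 zgrab/0.x"
198.51.100.23 - - [04/Apr/2019:20:41:12 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 zgrab/0.x"
192.0.2.77 - alice [04/Apr/2019:20:42:00 +0000] "POST /login HTTP/1.1" 401 182 "https://app.example/login" "Mozilla/5.0"
192.0.2.77 - alice [04/Apr/2019:20:42:30 +0000] "POST /login HTTP/1.1" 200 2451 "https://app.example/login" "Mozilla/5.0"
192.0.2.77 - alice [04/Apr/2019:20:43:00 +0000] "GET /account HTTP/1.1" 200 8810 "https://app.example/" "Mozilla/5.0"
"""

# Combined format: host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Paths scanners request to find exposed secrets or known software (assumed list);
# several 404s on these from one source is reconnaissance, not a user.
PROBE_PATHS = ("/.env", "/.git/", "/wp-login.php", "/phpmyadmin")


def parse_log(text):
    """Turn combined-format lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["status"] = int(e["status"])
        events.append(e)
    return events


def detect_login_bruteforce(events, threshold=5, window_s=60):
    """Flag each source IP with >= threshold failed logins inside a sliding
    window, and record whether a successful login followed from that IP."""
    recent = defaultdict(deque)   # ip -> timestamps of recent 401s on /login
    alerts = {}
    for e in events:
        if e["method"] != "POST" or e["path"] != "/login":
            continue
        if e["status"] == 401:
            q = recent[e["ip"]]
            q.append(e["ts"])
            while (e["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()               # drop failures older than the window
            if len(q) >= threshold:
                a = alerts.setdefault(e["ip"], {"failures": 0, "success_after": False})
                a["failures"] = max(a["failures"], len(q))
        elif e["status"] == 200 and e["ip"] in alerts:
            alerts[e["ip"]]["success_after"] = True   # the attacker got in
    return alerts


def detect_probing(events, min_paths=2):
    """Flag source IPs that hit at least min_paths distinct scanner paths with a 404."""
    hits = defaultdict(set)
    for e in events:
        if e["status"] == 404 and any(e["path"].startswith(p) for p in PROBE_PATHS):
            hits[e["ip"]].add(e["path"])
    return {ip: sorted(paths) for ip, paths in hits.items() if len(paths) >= min_paths}


def unattributed_logins(events):
    """Successful logins the log cannot tie to an account (remote-user field is '-').
    This is the 'enough context?' check: without the account name you cannot tell
    which user to lock or notify after a brute-force alert."""
    return sorted({e["ip"] for e in events
                   if e["method"] == "POST" and e["path"] == "/login"
                   and e["status"] == 200 and e["user"] == "-"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("brute force:", detect_login_bruteforce(evs))
    print("probing:", detect_probing(evs))
    print("unattributed logins:", unattributed_logins(evs))
```

On the sample the brute-force check reports 203.0.113.9 with five failures and a success afterwards, the probing check reports 198.51.100.23, and the context check shows that the attacker's successful login carries no account name, so the log as formatted does not tell you whose password was guessed. That last result is the argument for logging the authenticated user (or a request/session id) before the exercise starts; the alert output is also what a containment step (blocking the source, forcing a password reset) would be fed from.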


- tools

  - Burp Suite, ZAP
  - a quick method for risk calculation: is it worth fixing?
  -
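The "quick method for risk calculation" item does not name a method. One that fits a Dev team under time pressure is the OWASP Risk Rating Methodology: likelihood and impact are each the average of eight factors scored 0-9 (threat agent and vulnerability factors for likelihood; technical and business factors for impact), bucketed into LOW / MEDIUM / HIGH, and combined in a fixed severity matrix. The Python below is an added example, not code from the original page or from OWASP. The two findings it scores and the triage action attached to each severity are constructed for illustration; the factor names, buckets and matrix follow the OWASP method, and business impact is used in place of technical impact when it is supplied, as that method recommends.

```python
# Factor names from the OWASP Risk Rating Methodology; each is scored 0-9.
THREAT_AGENT = ("skill_level", "motive", "opportunity", "size")
VULNERABILITY = ("ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection")
TECHNICAL = ("loss_of_confidentiality", "loss_of_integrity",
             "loss_of_availability", "loss_of_accountability")
BUSINESS = ("financial_damage", "reputation_damage", "non_compliance", "privacy_violation")

# OWASP's overall-severity matrix, indexed by (likelihood level, impact level).
SEVERITY = {
    ("LOW", "LOW"): "Note",    ("LOW", "MEDIUM"): "Low",       ("LOW", "HIGH"): "Medium",
    ("MEDIUM", "LOW"): "Low",  ("MEDIUM", "MEDIUM"): "Medium", ("MEDIUM", "HIGH"): "High",
    ("HIGH", "LOW"): "Medium", ("HIGH", "MEDIUM"): "High",     ("HIGH", "HIGH"): "Critical",
}

# Hypothetical blue-team triage rule of thumb; not part of the OWASP method.
ACTION = {
    "Critical": "fix now, during the exercise",
    "High": "fix now, during the exercise",
    "Medium": "mitigate now (config/WAF), fix in the next sprint",
    "Low": "backlog",
    "Note": "record, no action",
}


def average(factors, names):
    """Average the named 0-9 factors; refuse incomplete or out-of-range input so a
    forgotten factor cannot silently drag the score down."""
    missing = [n for n in names if n not in factors]
    if missing:
        raise ValueError("missing factors: %s" % ", ".join(missing))
    bad = [n for n in names if not 0 <= factors[n] <= 9]
    if bad:
        raise ValueError("factors must be 0-9: %s" % ", ".join(bad))
    return sum(factors[n] for n in names) / len(names)


def level(score):
    """OWASP buckets: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def rate(likelihood, technical, business=None):
    """Return the scores, their levels, the overall severity and the triage action.
    Business impact is used when supplied, otherwise technical impact."""
    l_score = average(likelihood, THREAT_AGENT + VULNERABILITY)
    t_score = average(technical, TECHNICAL)
    b_score = average(business, BUSINESS) if business is not None else None
    impact = b_score if b_score is not None else t_score
    severity = SEVERITY[(level(l_score), level(impact))]
    return {
        "likelihood": l_score, "technical_impact": t_score, "business_impact": b_score,
        "impact": impact, "likelihood_level": level(l_score), "impact_level": level(impact),
        "severity": severity, "action": ACTION[severity],
    }


# Constructed finding A: an injection flaw in an internet-facing endpoint that an
# anonymous attacker can find with a scanner, on a service whose logs nobody reviews.
FINDING_A_LIKELIHOOD = {"skill_level": 6, "motive": 9, "opportunity": 9, "size": 9,
                        "ease_of_discovery": 7, "ease_of_exploit": 9, "awareness": 6,
                        "intrusion_detection": 8}
FINDING_A_TECHNICAL = {"loss_of_confidentiality": 7, "loss_of_integrity": 7,
                       "loss_of_availability": 5, "loss_of_accountability": 7}
FINDING_A_BUSINESS = {"financial_damage": 7, "reputation_damage": 5,
                      "non_compliance": 5, "privacy_violation": 7}

# Constructed finding B: a verbose error page on an intranet-only tool.
FINDING_B_LIKELIHOOD = {"skill_level": 3, "motive": 1, "opportunity": 4, "size": 2,
                        "ease_of_discovery": 3, "ease_of_exploit": 3, "awareness": 4,
                        "intrusion_detection": 3}
FINDING_B_TECHNICAL = {"loss_of_confidentiality": 2, "loss_of_integrity": 1,
                       "loss_of_availability": 1, "loss_of_accountability": 1}


def rate_finding_a():
    return rate(FINDING_A_LIKELIHOOD, FINDING_A_TECHNICAL, FINDING_A_BUSINESS)


def rate_finding_b():
    return rate(FINDING_B_LIKELIHOOD, FINDING_B_TECHNICAL)


if __name__ == "__main__":
    for name, result in (("A", rate_finding_a()), ("B", rate_finding_b())):
        print(name, result["likelihood"], result["impact"], result["severity"], "->", result["action"])
```

Finding A scores likelihood 7.875 and business impact 6.0, both HIGH, so Critical: worth fixing in the middle of the exercise. Finding B scores 2.875 and 1.25, both LOW, so Note: not worth the team's attention while under attack. The point of scoring every factor explicitly, and of the validation in average(), is that the answer to "is it worth fixing?" is then defensible afterwards rather than a gut call made under pressure.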