
Blue Teaming

From OWASP
Revision as of 14:37, 4 April 2019 by Sytzevk


<< page in progress >>

Blue Teaming is a practice in which security defenders improve their security posture against a team of attackers (usually called the Red Team). This page discusses the case for Blue Teaming as a practice for Dev teams.

-- Playbook --

The Dev team sees that their application is being attacked and tries to defend it as fast as possible. This can entail tuning logging, fixing configuration errors, and fixing vulnerabilities in source code or third-party libraries.

- priorities

- monitoring

  - is monitoring available? do we log the right data? do we have enough context?

- CI/CD solution

  - is the automated build solution working, and how quickly can it be deployed?

- admin console

  - is there an admin console? can it be used to protect the application/data? or can it be used by the attacker to shut us out?

- backups

  - are backups available? how do we make a snapshot of the data?

- procedures

  - do we know how to escalate problems? how to restore backed-up data? how to get Ops to help out?