Highest Rated Comments


gmfpanda · 2 karma

  1. How do you go about teaching SDLC stakeholders how to threat-model on a large scale if you had to assume very limited resources?

  2. Furthermore, in today's Agile SDLC world, how do you see threat modeling working in that framework?

gmfpanda · 2 karma

What type of vulnerability do you find is most difficult for scanners to find?

gmfpanda · 2 karma

How would you, in as much detail as possible, go about doing security on RESTful web services if given no documentation or WADLs, and what IBM tools would you use to accomplish a proactive assessment?

gmfpanda · 1 karma

Thanks. FYI, that link gets "Secure Connection Failed" in the corrected version above. I.e., don't make it https where you put "WASC: https://www.webappsec.org".

gmfpanda · 1 karma

From that Top 10 of security issues, I find "Using Components with Known Vulnerabilities" particularly challenging. - Paul

I use https://www.owasp.org/index.php/OWASP_Dependency_Check

Veracode has it built into their scanner ;)