Cybersecurity Teams
Green Team
Yellow Team
"The Builders"
Orange Team
Red Team
"The Breakers"
Purple Team
Function
increasing their security awareness by providing education that benefits software code and design implementation
offensive critical thinking included in the builders' intrinsic thought pattern
Function
Blue Team
"The Defenders"
White Team
Includes
Logistics
Management
Compliance
Analysts
inspire Yellow Team to be more security-conscious
Penetration tests
Black box testing
Exploiting vulnerabilities
Social engineering
Ethical Hacking
Web App scanning
Offensive Security
Incident Response
Operational Security
Damage control
Threat Hunters
Infrastructure protection
Digital Forensics
Defensive Security
Functions
Application Developers
Software Engineers
Software Builders
System Architects
Focus
user experience
functionality
requirements
back-end performance
good quotes
If debugging is the process of removing bugs, then programming is the process of putting bugs into the application. Testing only proves the presence of bugs, not the absence of them.
cycle
in theory
reality
Yellow Builds it. Red Breaks it. Blue Defends it. Yellow Fixes it.
Yellow Builds it. Red Breaks it. Blue Complains about it. Yellow ignores it. Management hides it.
ideal
Yellow are educated with Red and work hand-in-hand with Blue
Function
DevSecOps
Function
Sharpens the skills of Blue and Red team members
effective for spot-checking systems in larger organizations
Facilitate improvement in detection and defense
Integrating defensive tactics with offensive results
maximize the results of Red Team engagements and improve Blue Team capability.
knowing both attack and defense is a huge asset to any organisation, team and individual
decrease in overall security bug count over time
understand
use cases
mis-use cases
abuse cases
Risk/Threat Model
STRIDE
Threat                   Desired property
Spoofing                 Authenticity
Tampering                Integrity
Repudiation              Non-repudiability
Information disclosure   Confidentiality
Denial of Service        Availability
Elevation of Privilege   Authorization
Safer Change Management including integrity monitoring
better data for digital forensics and incident response cases
Full coverage monitoring, including improved Anti-Virus and Endpoint Protection on systems
improved logging capability, working to standardize and prioritize important events
Without Green Team, Blue Team:
Injects security and monitoring requirements into projects; however, that in turn increases time frames and budgets, which tend to become categorized as non-essential requirements for launch.
Asks, begs and pushes for monitoring improvements once a production system is live, forcing double the amount of work to add improvements at the end of the development lifecycle.
to integrate Automated Security Testing
can be seen as
"too demanding" for the defenders
"too much of a killjoy" for the attackers
"too corporate" for the developers
Functions
set the rules of engagement
organise teams
set strategy
perform risk assessments
set plans and monitor progress
encompass and manage all of the colours, without directly being one of them.
Having White Team interact with a secondary colour team will decrease conflict, since secondary colours understand the language of the primary colours they come from, but they are "closer to white" and understand multiple pieces of the security puzzle.