Security testing plans, whitebox testing tips, security toolsets, and automation were illustrated in previous chapters. Starting with this chapter, we will now discuss incident responses for a security operation team. We will mainly discuss the key activities in the key phases of the incident response process: preparation, containment, detection, and post-incident analysis. The field of incident response includes how to handle public CVE vulnerability, how to respond to whitehat or security attacks, how we evaluate each security issue, the feedback loop to the development team, and the tools or practices we may apply in incident response. The topics that will be covered in this chapter are as follows:
- Security incident response process
- Security operation team structure
- Incident forensics techniques