In this fourth instalment in the InfoSec Colour team series, we explore the Orange Team, its role in the InfoSec Colour Team Structure and how it interacts with the other teams. The Orange team is created to maximise the effectiveness of both the Red and Yellow teams. It does this by integrating Yellow team members, who have enhanced and in-depth knowledge of architecture and coding, with members of the Red team, whose expertise remains in hacking and exploitation. Ideally, Orange should not be a permanent team but rather a dynamic membership between the Red and Yellow teams, which is why it could be seen more as a function or process between the two.
What should the two teams bring to the party?
The Orange team should look at previous security tests, active security bugs and defects, and known infrastructure. This information can then be used to help educate the Yellow team on how an attacker would look to exploit the application or systems. The Yellow team will then review and digest this information, adjusting secure coding frameworks and architectural patterns accordingly.
The Orange team should also assist the Yellow team with threat modelling, using active cyber intelligence on known Tactics, Techniques, and Procedures (TTPs) from the Red or Purple teams. The Orange team can also devise ways to test the Yellow team by arranging secure coding challenges. These events would then be used to help educate the Yellow team on best coding practices.
DevSecOps is becoming more widely adopted across the industry. The Orange team should look at how to help the Yellow team integrate security testing tools such as SAST, DAST, and IAST into the development lifecycle. This would then provide valuable and speedy feedback on code quality and security defects before deploying to the test or production environments.
The main objective of the Orange team is to empower your builders with best security practices and Secure Development Training, and to help them build better systems and solutions.
Contact us at SQA Consulting to find out how we can assist you in the development and build of your team’s skills, and in the testing of your cybersecurity capability.