Learn from a two-year journey of building an application security program from scratch in a small-medium sized company with no prior security infrastructure. Gain valuable insights into successful strategies, pitfalls to avoid, and practical goal-setting techniques. Explore topics such as static analysis, application inventory, champions programs, open source management, threat modeling, metrics, and runtime intelligence. Discover how to prioritize focus areas, implement core security measures, and manage your security portfolio effectively. Benefit from real-world experiences, common-sense perspectives, and actionable advice for starting and improving your own AppSec program.
Building an AppSec Program from the Ground Up - An Honest Retrospective
Overview
Syllabus
Intro
My Story
Context
Basic ToDo List
Confidence
The Cadence
Static Analysis
Application Inventory
Champions Program
Open Source
Threat Modeling
Whats Wrong
Metrics
App Appointment Tool
Runtime Intelligence
Core Security
Portfolio
What To Focus On
Homework
Build a champions program
Give back
One rule
Attack Surface Analyzer
ThirdParty Library Analyzer
Visualization
Taught by
LASCON
