Explore strategies for building strong relationships with developers to create an impactful AppSec program in this 33-minute lightning talk from AppSecCali 2019. Learn about Segment's competition-based training using Burp Suite and OWASP Juice Shop, partnership approaches for tool implementation, and methods for contributing to existing codebases. Gain practical insights on organizational buy-in, team building, secure code review, and vendor adoption. Discover the benefits of security-engineering embed programs and full-stack security engineering. Walk away with key takeaways and actionable examples to enhance your organization's application security efforts and foster collaboration between security teams and developers.
Working with Developers for Fun and Progress
Overview
Syllabus
Intro
Favorite Quotes
Outline
Organizational Buy In
Building a Team
Reviews
OWASP Juice Shop
Hands-On Training Schedule
Security 1337erboard
Secure Code Review
Absolute AppSec
AppSec Training
Vendor Adoption
Example - Snyk
Directory Integration
Security - Engineering Embed Program
Full Stack (Security) Engineering
Password Strength Meter
Developer Friendly SAST
Key Takeaways
Taught by
OWASP Foundation
