Explore a comprehensive conference talk from AppSecEU 2016 in Rome that provides a blueprint for changing security culture through application security awareness. Delve into the importance of software security, customer expectations, and vulnerability trends. Learn about the average developer's perspective and the need to think like security professionals. Discover strategies for building a sustainable security culture, focusing on human factors, and imparting essential knowledge. Examine the benefits of AppSec awareness, program architecture, team building, and content creation. Gain insights into effective assessment methods, gamification techniques, and recognition strategies. Conclude with a call to action and practical steps to implement a successful AppSec awareness program in your organization.
AppSec Awareness - A Blueprint for Security Culture Change
Overview
Syllabus
Introduction
Agenda
Software is everywhere
Customer expectations for security
Veracode State of Vulnerability Report
Source of vulnerabilities
The average developer
Think like security people
Security culture
People make the right decisions
Why change the security culture
Sustainable security culture
Focus on humans
Basic pieces of knowledge
History
Knowledge
Tasking Hands
Security Community
AppSec Awareness
Benefits of AppSec Awareness
Why AppSec Awareness
Four Things to Consider
Program Architecture
Assessment
Problem Space
Building a Team
Theme
Levels
Roles
Activities
Recognition
Cold Hard Cash
Budgeting
Content
Assessments
Level 1 Content Map
Content Creation
Humor Story
PG Rating
Gamification
Competition
Summary
Call to Action
Security Ninja
Questions
Taught by
OWASP Foundation
Related Courses
-
AppSec Awareness - A Blueprint for Security Culture Change
-
The Cybersecurity Culture Blueprint: A Proactive Approach
-
Building an AppSec Program from Scratch
-
Security Champions Leaderboard - Building and Gamifying Security Culture
-
AppSec Champions Programs - Best Practices and Survey Results
-
Leveling Up Your Application Security Program
