Learn how to build and expand an effective application security program in this 37-minute conference talk from BSides Indy 2016. Explore key concepts such as the path of least resistance, the importance of policies and standards, metrics, aligning with the Software Development Life Cycle (SDLC), and implementing a formal program. Discover strategies for the initiation phase, adopting a "trust but verify" approach, and expanding your security initiatives. Gain insights from industry experts and prepare for upcoming talks in the field of application security.
Overview
Syllabus
Intro
Disclaimer
Path of Least Resistance
Application Security
Chris Wysopal
Why Policies Standards Matter
Metrics Matter
Aligning with the SDLC
Building a formal application security program
Initiation phase
Trust but verify
Expanding your program
shameless plug
upcoming talks
