Building an AppSec Program with a Budget of $0 - Beyond the OWASP Top 10

Explore how to build a comprehensive application security program using free OWASP resources in this 42-minute conference talk from OWASP AppSec EU 2018. Discover the interconnected OWASP projects that form the foundation of a robust AppSec program, going beyond the famous Top 10. Learn how to implement these open-source tools and methodologies across different phases of program development, from training and awareness to developer tools, testing guidance, and defensive measures. Gain practical insights on leveraging OWASP projects like Proactive Controls, Software Assurance Maturity Model, Juice Shop, ASVS, ZAP, and ModSecurity to create a effective AppSec strategy without a budget. Understand the human resource requirements and implementation strategies for successfully utilizing these tools in both new and established security programs.