Overview
Explore a comprehensive conference talk from AppSecUSA 2014 that addresses the challenges of application security across multiple organizational teams. Learn how leading organizations are breaking down barriers between development, security testing, operations, and IT audit teams to enable better flow of application security data. Discover strategies for integrating disparate tools and systems to accelerate remediation efforts and measure software security program performance. Examine team and tool interaction patterns that reduce friction in addressing application security risks. Watch practical demonstrations using open-source products like OWASP ZAP, ThreadFix, Bugzilla, and Eclipse to replicate a powerful, integrated Application Security program. Gain insights on gathering program-wide metrics and calculating measurements such as mean-time-to-fix to monitor and ensure the health of your Application Security program.
Syllabus
Building Your Application Security Data Hub: The Imperative for Structured Vulnerability Information
Taught by
OWASP Foundation