Explore the evolution of application security from its hacker roots to becoming an integral part of software development in this keynote address by Chris Wysopal. Trace the journey from the late 90s vulnerability research to the present day, where AppSec is essential for government and corporate security. Discover how the threat landscape shifted from hackers seeking fun to criminal gangs and nation-states monetizing critical bugs. Learn about the challenges faced, including Microsoft's initial reluctance and the subsequent realization of AppSec's importance. Gain insights into working as allies with development teams, building relationships, and improving processes. Examine the convergence of DevSec, shared accountability, and the future of supply chain security. Understand the balance between speed and accuracy in modern AppSec practices and how to become effective allies in the fight against cyber threats.
Overview
Syllabus
Introduction
What people dont know about Chris
Being an outsider
My first vulnerability
Developer appreciation
Microsoft
The Loft
Outsiders
Bill Gates
Threat Modeling
Fixing Issues
Development Processes
Evolving Developer Mindset
DevSec converging
DevSec Allies
Building Relationships
Shared Accountability
Process Improvements
Remediation Time
Data
The Future
Supply Chain
NIST
Wrapup
Becoming Allies
Speed vs Accuracy
Taught by
OWASP Foundation
