Learn how to initiate and develop an effective application security program in this 48-minute conference talk from ShowMeCon 2017. Explore key aspects such as vulnerability tracking, bug management, and developer training. Discover strategies for building relationships, conducting assessments, and improving security processes. Gain insights on measuring maturity, enhancing programming skills, and fostering a security-conscious developer mindset. Understand the importance of security in today's digital landscape and acquire practical tips to position developers for success in implementing robust application security measures.
Overview
Syllabus
Intro
Welcome
Starting an application security program
Why this talk
Roadmap
Columbia SC
Research
Tools
Vulnerability tracking
Bugs
Greatest
ThreadFix
Defect Dojo
Confirm Findings
Training
Phishing email
Developer mindset
Moving left
Next journey
Understand the environment
Build relationships
Help with problem
Attend meetings
Inventory
Assessments Processes
Dev Questions
Bacon
Swag
Security wins
MongoDB ransomware
Why security is important
Measuring maturity
Learning how to program
Improving your skills
Final thoughts
Put developers in a position to succeed
