Overview
Explore the challenges developers face in application security through this 28-minute OWASP Foundation talk. Delve into the AppSec problem overview, trust issues, and strategies for teams without dedicated security personnel. Learn about CSRF (Cross-Site Request Forgery) and discover developer-friendly AppSec tools. Examine the production bias in terms of people, timing, and context, and understand the importance of implementing security measures in the pre-production phase. Gain valuable insights to enhance your approach to application security and overcome common obstacles in the development process.
Syllabus
Intro
AppSec Problem Overview
Trust Issues
If You Don't Have a Security Team
Security Websters CSRF: Cross Site Request Forgery
There are Good AppSec Dev Tools Out There: Developer native tools (in context, how they work)
Examining the Production-Bias: People
Examining the Production-Bias: Timing
Examining the Production-Bias: Context
Right Time: Pre-Production
Taught by
OWASP Foundation