10:00 - 17:00 (UTC-05)
Build your own application security program
As much as we wish it would, secure software doesn’t happen overnight. There’s no single action you can take or technology you can deploy that will solve this complex problem for you. If you feel a bit disappointed by that, you’re in good company — it’s natural to wish for a simple solution. While we may not be able to provide that, we can certainly simplify the steps you need to take.
Like most of the harder challenges we face in software development, increasing the security of software is a journey that takes careful planning, a lot of collaboration, and a healthy dose of iterating as you learn more. It’s the type of complex journey that goes more smoothly when you have a map.
In this workshop, we’ll look at what secure software roadmaps are, why they’re a useful tool to use as part of your overall software security approach, and how you can build one of your own.
Over the course of 2 days, you will go from a basic understanding of what makes a good application security program to having planned your own program roadmap- ready for you to go back to your company and implement.
In this workshop you will cover:
- Understanding what an application security program and roadmap are, why they are important and how they are structured
- How to measure and understand your current maturity level including how to use OWASP SAMM and OWASP ASVS for measuring your existing programs or practices from a product and lifecycle perspective.
- Setting realistic expectations and goals for your program
- Defining what actions you can take to weave security through your software development lifecycle
- Understanding how to measure progress as you implement your program
- Anticipating and planning for common challenges we encounter when developing and implementing an application security program.
Who is this workshop for:
- Software development leads who wish to support application security across their projects and teams.
- Cyber security leaders and application security engineers looking to expand their approach to be more development aware
- Those who wish to move towards application security in their organisation in a structured and measurable way.
- You will leave this workshop with:
- A solid understanding of the concepts covered
- A draft application security program roadmap that is tailored to your organisation and its current maturity level