Build your own application security program

As much as we wish it would, secure software doesn’t happen overnight. There’s no single action you can take or technology you can deploy that will solve this complex problem for you. If you feel a bit disappointed by that, you’re in good company — it’s natural to wish for a simple solution. While we may not be able to provide that, we can certainly simplify the steps you need to take.

    Like most of the harder challenges we face in software development, increasing the security of software is a journey that takes careful planning, a lot of collaboration, and a healthy dose of iterating as you learn more. It’s the type of complex journey that goes more smoothly when you have a map.

    In this workshop, we’ll look at what secure software roadmaps are, why they’re a useful tool to use as part of your overall software security approach, and how you can build one of your own.

    Over the course of 2 days, you will go from a basic understanding of what makes a good application security program to having planned your own program roadmap, ready for you to take back to your company and implement.

    In this workshop you will cover:

    • Understanding what an application security program and roadmap are, why they are important and how they are structured
    • How to measure and understand your current maturity level including how to use OWASP SAMM and OWASP ASVS for measuring your existing programs or practices from a product and lifecycle perspective.
    • Setting realistic expectations and goals for your program
    • Defining what actions you can take to weave security through your software development lifecycle
    • Understanding how to measure progress as you implement your program
    • Anticipating and planning for common challenges we encounter when developing and implementing an application security program.

    Who is this workshop for:

    • Software development leads who wish to support application security across their projects and teams.
    • Cyber security leaders and application security engineers looking to expand their approach to be more development aware
    • Those who wish to move towards application security in their organisation in a structured and measurable way.

    Outcomes:

    You will leave this workshop with:
    • A solid understanding of the concepts covered
    • A draft application security program roadmap that is tailored to your organisation and its current maturity level

    Computer setup

    You need to bring a laptop to this workshop.

    Laura Bell
    CEO of SafeStack

    With over twenty years of experience in software development and information security, Laura Bell Main specializes in bringing security into organizations of every shape and size.

    She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, focusing on building security skills, practices, and culture across the entire engineering team.

    Laura is an experienced conference speaker, trainer, and regular panel member and has spoken at various events such as BlackHat USA, Velocity, and OSCON on the subjects of privacy, covert communications, agile security, and security mindset.

    She is also the co-author of Agile Application Security and Security for Everyone.
