Workshop 8: Building an AppSec Program with OWASP
Date & Time
Thursday, April 2, 2020, 9:00 AM - 5:00 PM
Explore the OWASP universe and how to build an application security program with a budget of $0. Experience a practitioner's guide for how to take the most famous OWASP projects and meld them together into a working program. Projects are broken down into awareness/process/tools, with an explanation of the human resources required to make this successful.
Training/education: Raising awareness with knowledge/training and building out a program. The practical portion includes discussion of rolling out proactive controls and hands-on time.
Process/measurement: Requirements, code review, best practices, development libraries, and building software without known vulnerabilities. The working portion includes assessing a sample app, threat modeling a sample app, and a sample assessment.
Tools: The testing approach and touch points are discussed, as well as a high-level survey of the tools. The working portion includes scanning a sample application.
Technical requirements: Attendees should have a foundational understanding of application/product security. Laptop required for lab exercises. Attendees should download the OWASP Proactive Controls, ASVS, SAMM, and ZAP.
Technical Level: Medium