In the talk this blog series is based on, "Pushing Left, Like a Boss", I detailed what I felt an AppSec program should and could be. Since then I've learned a lot, and I now see that there are quite a few activities you can do, but it's the goals and the outcomes that actually matter. Our industry has also changed quite a bit since I wrote that talk (written in 2016, first presented in public in 2017).
My first international talk, at AppSec EU, 2017. Only 2 years ago.
My previous thoughts on what a basic AppSec Program should be:
- Vulnerability/Security Assessments and VA (vulnerability assessment) scans
- Threat modelling
- Secure Code Review
- Penetration Testing
- And that these activities should cover both COTS (commercial off-the-shelf products that you configure rather than write, like SharePoint or SAP) and custom apps (software you build yourself)