Leading An Appsec Initiative presented at OWASP Appsec 2010

by Anonymous Speaker, Luciano Bello,

Tags: Workshops

URL : http://www.owasp.org/index.php/Leading_an_AppSec_Initiative

Summary : Today, every business function relies on custom software applications. These applications are typically built under tremendous time pressure by internal or contracted developers to fulfill a specific business need. Organizations need to be able to trust that this software has appropriate security mechanisms to thwart attacks and that the code does not contain vulnerabilities. Even software product companies have an extremely difficult time achieving trustworthy code, and experience shows that most custom applications have far more vulnerabilities. Recent market trends show a clear pattern: organizations need an Application Security Initiative in order to achieve this level of trust in their custom-built applications.

In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.