How To Stand Up an AppSec Program - Lessons from the Trenches presented at AppSec USA 2013

by Joe Friedman

Summary: We all know the importance of building security into the development of a company’s applications. Most of us know many of the steps needed for an effective Application Security Program. In this talk, we will discuss the best practices for implementing an AppSec Program, we’ll list all the moving parts, and we’ll talk about what worked and what didn’t work in various organizations.
Risk Management
Metrics
Training
SDLC
Requirements
Design Review
Development
Testing
Pre-Production
Production
Lessons Learned