How to kick start an application security program presented at BSidesKnoxville 2017

by Timothy Deblock,

Summary : Management wants a security program setup in the software development life cycle (SDLC). You have very little programing experience. What do you do? This talk will walk through my experience of setting up appsec programs with minimal programming experience. The first part of the journey will cover tools. How a dynamic and static analyzer fit into an appsec program. Options for tracking vulnerabilities. Working with developers to remediate findings. Training developers to use the tools. The second part of the journey will focus on strategy. Understanding the environment. Implementing assessments and processes. Training developers to improve their security mindset. Finally, the talk will touch on potential next steps. This talk is for those looking to make an impact in the SDLC.