Building an Application Security Program from Scratch

Presented at Kernelcon 2019, April 6, 2019, 2 p.m. (50 minutes).

Have you spent lots of money on firewalls. network security, intrusion detection, and exfiltration prevention? What about the glaring hole left even after all that expenditure: Applications. Join me as I take you through a journey from no application security program at all, to five years later. We'll explore what my team did right, and our failures. I'll provide you with pointers to application security resources, and a possible approach to get started. If your company hasn't headed off on the application security journey yet, maybe you can avoid some of our mis-steps.

Presenters:

• Douglas Swartz
  Doug is a software developer. He fell into application security a while ago when helping to design two factor authentication for a 2400 baud dial-up application. After that, security became an avocation. Now it is his vocation. Doug has a life outside of technology.

Links:

• https://2019.kernelcon.org/agenda#appsec

Similar Presentations:

• AppSec USA 2015 / Ah mom, why do I need to eat my vegetables?
• DEF CON 8 (2000) / Web Application Security
• BSidesSF 2019 / How to Build an Application Security Program