A good first impression can work wonders: creating AppSec training that developers ❤

Presented at LocoMocoSec 2019, April 18, 2019, 1 p.m. (30 minutes)

Good vulnerability response practices are critical to software security. But good vulnerability response practices work even better on software built with security in mind. At Segment, we use vulnerability report data and gamification to help our developers grow their security mindset. In this session, we’ll explain our approach to helping developers understand trends in our vulnerability reports. We take a two-tiered approach, first presenting vulnerability report and pentesting trends to help teach where vulnerabilities have been identified in the past, and then teaching our team how to hunt for and report security bugs they’ve found. We’ve found this approach really helpful in increasing security before release, almost eliminating one class of vulnerability reports. In this session, I’ll talk about the details of how we do this security training—see if you think this could help you!

Presenters:

  • Leif Dreizler - Segment
    Leif works on the AppSec team at Segment, partnering with engineers to continuously improve their security story and protect customer data. Leif got his start in the security industry at Redspin doing security consulting work, and was later an early employee at Bugcrowd. He was a founding member of the Santa Barbara OWASP Chapter, the AppSec California conference, and is currently an organizer for the Bay Area OWASP Chapter.
