How To Stand Up an AppSec Program - Lessons from the Trenches

Presented at AppSec USA 2013, Nov. 20, 2013, 10 a.m. (50 minutes)

We all know the importance of building security into the development of a company's applications.  Most of us know many of the steps needed for an effective Application Security Program.  In this talk, we will discuss the best practices for implementing an AppSec Program, we'll list all the moving parts, and we'll talk about what worked and what didn't work in various organizations. Risk Management Metrics Training SDLC Requirements Design Review Development Testing Pre-Production Production Lessons Learned

Presenters:

• Joe Friedman - Director, Security Architecture and Planning - NYSE Euronext
  NYSE Euronext - Application Security Program, Security Architecture; Merrill Lynch - Pentest Program, Security Architecture; Johnson & Johnson - Risk Assessments and Pentests of M&A targets & Operating Companies, Development of Security Processes; Various financial firms, startups, and AT&T - Application Development

Links:

• https://appsecusa2013.sched.com/event/16gyL7T/how-to-stand-up-an-appsec-program-lessons-from-the-trenches

Similar Presentations:

• LocoMocoSec 2018 / Starting an AppSec Program: An Honest Retrospective
• AppSec USA 2017 / Juggling the Elephants – Making AppSec a Continuous Program
• AppSec USA 2015 / Ah mom, why do I need to eat my vegetables?