Austin ISSA Slides: Structuring and Scaling an Application Security Program

The slides from my talk at Austin ISSA yesterday are online here:

The title of the talk was: Structuring and Scaling an Application Security Program

And the abstract was:

Most organizations understand that the software they develop and deploy exposes them to risk from attackers. However, the scope of the problem can be daunting. This talk looks at the challenges organizations face when trying to structure and scale their application security programs and at the strategies leading organizations have adopted to help make them successful. Using OWASP’s Open Software Assurance Maturity Model (OpenSAMM), the presentation looks at how development teams can plan to design and build applications securely via secure coding training, security requirements and threat modeling, and how security teams can help evaluate the security of what development teams have produced via automated scanning as well as manual testing. In addition, the presentation discusses how both security and development teams can prepare to respond to the issues that will inevitably arise, so that they can most effectively diagnose and correct them in a timely manner.

Thanks to the Austin ISSA folks for having me there to give a talk. I look forward to coming back again soon.

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.