OWASP AppSec India Conference 2008 AppSec For Managers


Application Security for Managers


Most of the current effort in Application Security is directed towards securing applications after they have been deployed to production. In an ideal environment, however, security is at the forefront of daily operations, saving an organization time and money. This course aims to make this a reality by teaching executives and information security managers their important role in Application Security, giving them a general understanding of the threat landscape, and outlining the controls they can use to start or enhance their Application Security Program. A major case study and several demonstration-based components are used to guide students in understanding their role and how they can improve their organization's overall security posture.

Course Overview

Part 1 : Application Security - The Threat Landscape

Part 2 : Application Security - Architecture & Security Principles

Part 3 : Secure SDLC

Students who take this course will be able to

  • Explain the core concepts of Application Security
  • Understand the threat landscape in application security
  • Acquire the toolset required for securing and assessing their applications
  • Apply aspects of a Secure SDLC
  • Articulate a plan to start an Application Security Program
  • Use metrics to assess their organization's application security posture
  • Confidently promote application security throughout the organization

Who Should Attend

  • CISOs and CSOs
  • Information security managers
  • Designated security experts
  • Anyone with a desire to understand application security

About Instructor

Nish Bhalla

Nishchal Bhalla is the founder of Security Compass, an Application Security consulting and training company. He has over 13 years of industry experience.

Nish has co-authored, contributed to, and edited many security books, including Buffer Overflow Attacks and Hacking Exposed: Web Applications, 2nd Edition.

He has spoken and taught at many conferences, including Black Hat, ShmooCon and RSA.