Difference between revisions of "Leading an AppSec Initiative"
(Created page with '__NOTOC__ link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…')
Latest revision as of 19:08, 6 November 2010
Course Length: 2 Days
Today, every business function relies on custom software applications. These applications are typically built under tremendous time pressure by internal or contracted developers to fulfill a specific business need. Organizations need to be able to trust that this software has appropriate security mechanisms to thwart attacks and that the code does not contain vulnerabilities. Even software product companies have an extremely difficult time achieving trustworthy code, and experience shows that most custom applications have far more vulnerabilities. Recent market trends show a clear pattern: organizations need an Application Security Initiative in order to achieve this level of trust in their custom-built applications.
In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
Skill: Basic Training
- Be aware of secure application development and the value it brings
- Be able to compare your project with other comparable companies efforts in application security
- Understand that application security risks and their associated business risks need to be identified for all applications
- Be aware of the key security areas and understand the major threats to each
- Understand application security root causes, analyze an organization’s capability and utilize proven techniques in planning and managing an effective application security initiative.
- Understand how to successfully integrate secure coding activities and techniques across the application development lifecycle
- Be able to determine whether their team has the appropriate skills to build a secure application, and how to build teams with the required skills.
- Be familiar with common application security tools and technologies for building secure web applications and what security capabilities they provide
Instructor: Aspect Security has been working with development teams around the country for years to help them identify, diagnose, and address security issues throughout the application development lifecycle. Through these efforts, they have learned the key practices that development and project managers, and key support personnel must know to achieve secure applications.
Aspect’s instructors are full-time application security specialists that spend the majority of their time working with clients to secure the nation’s most critical applications. Leveraging this practical experience brings the class to life. Students will gain valuable insight into lessons learned from other development organizations. Our instructors also make themselves available to you for application security questions after the course is complete.
Aspect is a Founding OWASP Member and supports several OWASP projects. In particular, Aspect conceived the OWASP Top Ten project and led the effort to build the document. We also built WebGoat and Stinger and donated them to the OWASP effort. Aspect personnel assist with the management of the OWASP Foundation and help run the OWASP AppSec conference series.]