Reality Checking Your AppSec Program
Offered By: YouTube
Course Description
Overview
Explore key insights into effective application security program management in this 25-minute conference talk from GrrCon 2016. Delve into topics such as compliance, diminishing returns, maturity versus security, the limitations of aggregates, the importance of comprehensive education beyond training, human factors in security, outcome-based approaches, and the distinction between verification and validation. Gain practical advice on improving your AppSec program and learn how to critically evaluate its effectiveness beyond traditional metrics and assumptions.
Syllabus
Intro
COMPLIANCE
DIMINISHING RETURNS
MATURITY IS NOT SECURITY
AGGREGATES HIDE UNIQUENESS
EDUCATION IS NOT JUST TRAINING
PEOPLE ARE NOT MACHINES
OUTCOMES ARE NOT EVERYTHING
VERIFICATION IS NOT VALIDATION
WHAT TO DO NOW
Related Courses
Web Application Development: SecurityUniversity of New Mexico via Coursera Systems and Application Security
(ISC)² via Coursera Cloud Application Security
University of Minnesota via Coursera Microsoft Azure Solutions Architect: Implement an Application Security Strategy
Pluralsight DevSecOps: Continuous Application Security
LinkedIn Learning