Making End User AppSec Training Engaging with Building Bricks

Discover innovative techniques for creating engaging end-user AppSec training using LEGO bricks and minifigures. Learn how to leverage humor and visual storytelling to enhance retention of security concepts. Explore creative examples like depicting a constructor worker as a Builder, a pirate as a Breaker, and a gamer as a Defender. Dive into security topics such as injection vulnerabilities, component supply chain risks, and known vulnerabilities through clever LEGO representations. Gain insights on designing effective security guides, utilizing OWASP resources, and addressing various aspects of application security including insecure design, security configurations, and continuous review. Understand the financial impact of security breaches, learn best practices for protecting users and securing social media, and explore the importance of code integrity and security hygiene. This talk emphasizes the shared responsibility in maintaining robust application security and provides practical, memorable ways to communicate critical security concepts to end-users.

Intro
Dont use the hacker hoodie
Use the OWASP resources
Insecure Design
Security Configurations
Continuous Review
Dependencies
Financial Impact
Securing
Protecting Users
Social Media
Code Corruption
Not everything is safe
Security Hygiene
Medicare
DJ
Texas
Our responsibility
Wrap up