Cheaper by the Dozen - Application Security on a Limited Budget

Discover how to build a robust application security program on a limited budget in this 46-minute RSA Conference talk. Explore a dozen OWASP open-source projects that can effectively address application security challenges without breaking the bank. Learn to identify, locate, and implement the right projects to match your organization's needs. Gain insights into scaling project risk, developing security champions, and implementing awareness and education initiatives. Understand the impact of headcount on various aspects of AppSec, including process measurement and tool implementation. Walk away with practical advice on getting started and maximizing the benefits of each project to transform your organization's application security posture. Ideal for those with a foundational understanding of AppSec looking to make significant improvements without a million-dollar budget.

Intro
Traditional AppSec programs
Goals of an AppSec Program
Security Champions
Scale of project risk
Awareness and education: impact and headcount
Awareness and education: getting started
Missing pieces in process and measurement
Process and measurement: impact and headcount
Process and measurement: getting started
Missing pieces in tools
Tools: impact and headcount
Tools: getting started
Headcount summary
The dozen OWASP projects as an AppSec program
Q+A and Thank you!