Doing This One Crazy Thing Will Change Your AppSec Program Forever

Discover how to revolutionize your application security program in this eye-opening LASCON conference talk. Explore critical aspects of software security, addressing communication challenges and market issues. Delve into DevSecOps practices, clickjacking prevention, and risk assessment strategies. Gain practical advice on prioritizing evidence, testing runtime realities, and optimizing for learning. Learn about runtime protection, security labeling, and the importance of transparency in security practices. Engage with thought-provoking questions and insights on smart shifting, visibility enhancement, and the concept of "security bombs." Acquire valuable knowledge to transform your AppSec approach and create a more robust, effective security program.

Intro
Securing Software is Critical
The Communication Problem
Fixing the Market
Biggest Risk to AppSec
DevSecops
Clickjacking
Are we secure
Practical advice
Prioritize evidence
Test the runtime reality
Optimize for learning
Runtime protection
Labels for security
Security in Sunshine
Questions
Shifting Smart
Visibility
Labels
Labeling
Sbombs
UGW