HellaConf 2020 - Nancy Gariché: Self-service Appsec as a service
Author: Hella Secure
Uploaded: 2020-05-03
Views: 137
Contrary to popular belief, organizations that build software in-house do not always have an application security program! If they do, their program often heavily or completely relies on imperfect scanning tools or pentesting engagements to find vulnerabilities. As an individual contributor, I was left wondering how to, early in the development lifecycle, provide relevant security requirements at scale to growing development teams. In this lightning presentation, I explain how, by leveraging projects from the Open Web Application Security Project (OWASP) like the Application Security Verification Standard (ASVS), you can build a self-service security questionnaire that proactively provides tailored security requirements to software engineers.
OWASP Application Security Verification Standard
https://owasp.org/asvs
AppSec Global DC 2019 ASVS 4.0 Training
https://github.com/OWASP/ASVS/blob/ma...
SEEK’s Listo
https://github.com/seek-oss/listo
Mozilla's Security Checklist
https://github.com/mozilla-services/w...
Mozilla's Rapid Risk Assessment (RRA)
https://infosec.mozilla.org/guideline...
VSAQ: Vendor Security Assessment Questionnaire (Google)
https://github.com/google/vsaq
Relevant YouTube Talks
GOTO 2018 • From the OWASP Top Ten(s) to the OWASP ASVS • Philippe De Ryck
From the OWASP Top Ten(s) to the OWASP ASVS - Jim Manico
What’s new and exciting about the ASVS 4.0 - Josh Grossman
Leveraging the ASVS in the Secure SDLC - AppSecUSA 2017 - Derek Fisher
See more from Hella Secure at https://www.hella-secure.com and on Twitter @HellaSecure.
Interested in gaming content? Check out the HellaBearded channel (@melanko111) and @HellaBearded on Twitter.
Check out Hella Secure on Twitch: hellasecure
Copyright Hella Secure & Hella Media 2020