We understand that time is always in short supply when it comes to busy technology executives. Cybersecurity is a large and complex domain at times, particularly when it comes to application security, and many simply don’t have the time to navigate these cloudy waters. To that effect, we have created a series to help busy technology execs like you navigate through the often poorly understood field of application security and array of options out there.
An application security program is made up of people such as Security Champions in a dev team, process including governance and metrics, and technology that automates code security scanning among other security tasks. The usual application security challenges encountered by organizations building software include:
- Unclear of understanding of what is needed to build an effective AppSec program
- Being required to get a “pentest” and not knowing how to choose the right provider or if pentesting is the right thing to do
- Lack of knowledge when it comes to the AppSec tools and processes such as threat modelling, and how to best incorporate them into the development processes
- Unable to hire AppSec SMEs due to shortage of such professionals
In this Fast Forward series, we discuss the key pillars of application security and address the above topics in no more than 1-2 minutes each. We know you are busy, and want you to do AppSec right, so hope these video capsules help clear up a few things. If you want to discuss any of these topics, don’t hesitate to get in touch!