AppSecUSA 2015

Note: This is a two day course from Tues 2015-09-22 - Wed 2015-09-23

Any optimization outside the critical constraint is an illusion. In application security, the size of the security team is always the most scarce resource. The best way to optimize the security team is automation. This training will provide an overview of key application security automation principles and provide hands-on experience with creating an Application Security Pipeline augmented with automation. Over the course of two days, the students will cover the crucial aspects of where and when to add automation to their application security practices and gain experience with integrating APIs, automating security scanning, consolidate and de-duplicate security issues, automating submission of issues to defect trackers and generating reports/metrics in an automated fashion. Students should leave with an firm understanding of how to apply DevOps and Agile concepts to optimize their security programs.

The labs consist of a series of exercises which build upon each other to construct an AppSec Pipeline. After discussing each fundamental part of the pipeline, the student will be provided a lab to construct that portion of their own AppSec Pipeline. While these will be somewhat scripted labs, they will provide working examples of all the key concepts needed in adding automation to an AppSec program allowing the student to have seen the concepts in action before returning to work and applying them to their particular situation.

Who Should Take This Course?
AppSec professionals who are running an internal AppSec program. This course is designed to demonstrate both the principals in theory and practice around the creation of an AppSec Pipeline, the benefits it brings and how it can help you do more with less. Multiple open source software packages will be used to setup an example AppSec Pipeline in a series of hands on labs. The concepts and techniques of this course can then be applied to their AppSec programs to build their own, custom AppSec Pipeline.

What Should Students Bring?
A laptop capable of running a VM in either VirtualBox, VMware Player/Workstation/Fusion or Parrallels. A custom VM will be provided to the students which contains all the necessary software for the labs.