About This Series
Application security professionals are struggling. The transition to agile, DevOps, cloud, and the growing use of AI is empowering distributed development teams to build software with greater speed and autonomy. In contrast to the remarkable strides in development methodologies, AppSec teams are still playing catch-up, both outnumbered and out-resourced. Given all these challenges, is it truly possible to “master” AppSec?
To that end, welcome to the ASPM (Application Security Posture Management) masterclass, where we will provide Application Security leaders and practitioners with the knowledge and tools to manage a risk-based AppSec program using the principles of ASPM as our guide. Participants will learn how to build AppSec programs that focus on risk, put KPIs in place to measure success, and work more seamlessly with both engineering and C-suite executives. Participants will walk away with the tools and know-how to build, manage and scale an AppSec program that works for their organization.
Virtual Event Sessions
Chapter 1: Intro to ASPM | Building better AppSec programs with ASPM (Now On Demand)
In this introductory chapter, we will review the foundations of AppSec program building and key concepts. We will also introduce ASPM (Application Security Posture Management), its core principles, and how AppSec practitioners and leaders can apply them in order to build, manage and scale a risk-based AppSec program.
- Sonya Moisset Senior Security Advocate, DevRel, Snyk
Chapter 2: An AppSec Inspection: Visibility & Coverage (Now On Demand)
As the saying goes, you can’t secure what you don’t know. Foundational to any AppSec program is being able to have full visibility into the “assets” which make up our software, and the ability to identify gaps in security coverage of those assets. This chapter will define an “asset” and help participants carry out a gap analysis of their own in order to ensure that critical software is being covered and resources are optimally utilized.
- Chen Gour-Arie Director of Engineering, Snyk
Chapter 3: Creating a Risk Based Blueprint
AppSec professionals are swimming in a sea of vulnerabilities, unable to keep up with the pace of development. This chapter will introduce the concept of risk-based AppSec management, enabling our security teams to go from a system of “chasing vulnerabilities” to “managing risk”.
- Micah Silverman Director of Developer Relations, Snyk
Chapter 4: Control the Next Zero-Day
This chapter will focus on incident response, and what AppSec teams should be prepared to do when a 0-day hits. We will learn how to identify which app assets need an "all hands on deck" response and why, due to the nature of zero-day incidents, AppSec deserves its own incident response plan.
- Omer Yaron Senior Research Engineer, Snyk
Chapter 5: Measuring Success
What does success look like? How do we know if we are “getting better”? This chapter will cover common metrics and KPIs for various stakeholders involved in developing applications, securing applications and eliminating potential business risk in order to answer the question – Is this working?
- To Be Announced, Snyk
Chapter 6: Empowering your team members: Creating a Culture of Trust
Securing your organization’s software is a team sport, involving stakeholders from developers all the way to the C-suite. In this chapter, we will review the various stakeholders and their roles, what makes them tick, and how security can instill a culture of trust and ownership to get the job done.
- Vandana Verma Sehgal Security Relations Leader, Snyk