0 - 20190301
@gritche_
Governance of an AppSec Program: Build and run an AppSec Program

Upper part of the poster: four phases, left to right

Build the Program
- AppSec Policy
- S-SDLC Policy
- Security Pipeline

Run the Program
- Manage the program with KPI / KRI
- Manage the Security Pipeline

Check Efficiency
- Policy Review
- Process Review
- Pipeline Review

Improve the Program
- Security

Lower part of the poster: four columns, left to right

1. Assess all existing practices. Define a first achievable target and the path to quick-win:
   - Write a first edition of your AppSec Policy defining why and what you want to do
   - Define the essential items of the Security Pipeline
   - Identify the perimeter to play the first iteration: application and teams

2. Identify Security Champions in operational teams and work with them to improve the first step. Introduce the AppSec Policy to the teams of the identified perimeter. Train the stakeholders: DevSec awareness for developers, automation for infrastructure experts. And let's play the new game!

3. Work with the Security Champions to implement:
   - the first edition of the AppSec Policy
   - the chosen security models and processes
   - the identified tools of the Security Pipeline

4. Getting started is a difficult step and running an AppSec Program is a long way. Be ambitious: iterate with better processes, more tools if necessary and extension of the perimeter.

Special thanks for reviewing to Ludo_L_, Twit_No_Lu33Y, YassirKazar, CoteNicolas