Like most of the harder challenges we face in software development, increasing the security of software is a journey that takes careful planning, a lot of collaboration, and a healthy dose of iterating as you learn more. It’s the type of complex journey that goes more smoothly when you have a map.


In this workshop, we’ll look at what secure software roadmaps are, why they’re a useful tool to use as part of your overall software security approach, and how you can build one of your own.


Over the course of 2 days, you will go from a basic understanding of what makes a good application security program to having planned your own program roadmap- ready for you to go back to your company and implement.

Understanding what an application security program and roadmap are, why they are important and how they are structured

How to measure and understand your current maturity level including how to use OWASP SAMM and OWASP ASVS for measuring your existing programs or practices from a product and lifecycle perspective.

Setting realistic expectations and goals for your program

Defining what actions you can take to weave security through your software development lifecycle

Understanding how to measure progress as you implement your program

Anticipating and planning for common challenges we encounter when developing and implementing an application security program.


Software development leads who wish to support application security across their projects and teams.

Cyber security leaders and application security engineers looking to expand their approach to be more development aware

Those who wish to move towards application security in their organisation in a structured and measurable way.

A solid understanding of the concepts covered

A draft application security program roadmap that is tailored to your organisation and its current maturity level

You need to bring a laptop to this workshop.

As much as we wish it would, secure software doesn’t happen overnight.

There’s no single action you can take or technology you can deploy that will solve this complex problem for you. If you feel a bit disappointed by that, you’re in good company — it’s natural to wish for a simple solution. While we may not be able to provide that, we can certainly simplify the steps you need to take.

Agilent

Auth0

Azenix

Confluent

Kogan

Launch Darkly

MongoDB

mulesoft

netwealth

nintex

Octopus Deploy is an easy to use release management, deployment automation and operations runbook platform for software teams. It solves the hardest part of CI/CD - getting software into production, reliably and with less downtime - and keeping it running.

Octopus Deploy

Solace

Technological developments have a purpose: serving people. That’s what Telstra Purple is all about. We believe it’s people who give purpose to technology, and it’s the power of purposeful technology that inspires people. We are a global team of experts consulting on, delivering and managing leading-edge technology experiences. We solve problems, we design, we listen, we learn, we share. Putting purpose and people at the core of everything we do brings a brilliantly connected future closer to your reach.



Telstra Purple

Twilio

As Australia and New Zealand's leading online travel agency, Webjet leads the way in online travel tools and technology. We enable customers to compare, combine and book the best domestic and international travel flight deals, hotel accommodation, holiday package deals, travel insurance and car hire worldwide. Read more about our tech journey on webjet.tech/blog.

Webjet

NDC Melbourne 2022

Melbourne Convention and Exhibition Centre (MCEC)

Docusign

Mantel Group

Optiver

Particular

Prisma Cloud

Secure Stack

Smartbear

The TradeDesk

woolies

Yaama

NDC Sydney 2022

Hilton Sydney

NDC Minnesota 2022

Minneapolis Convention Center

SafeStack

Laura Bell Main is recognized as a global leader in developing secure software. As the CEO of SafeStack, a leading secure development education platform, she helps software development leaders worldwide engage their entire team in cyber security. She is the co-author of "Agile Application Security" (O’Reilly Media) and "Security for Everyone" (Holloway). 

Her work has been featured in many international publications, including WIRED and MIT Tech Review. She has presented at BlackHat USA, and RenderATL, as well as leading international software development and cyber security conferences.

Build your own application security program

In this workshop you will cover:

Who is this workshop for:

Outcomes:

Computer setup