Session

Security Does Not Need To Be Fun: Ignoring OWASP To Have A Terrible Time

When you think about application security, I bet you think of fun times with friends and relaxing weekends at home. Like any other elite DevOps professional, you spend your time figuring out complex business problems and delighting customers with new functionality, not digging through incident reports and mitigating security issues. You learned early on that relying on the standards set by OWASP and baking security into every step of the SDLC not only made DevSecOps inexpensive and easy to deal with but also bought peace of mind for the whole team, who can now spend more time in a conga line instead of the issue queues.

Wait, what? Does that not sound like you, or does it sound like some kind of pipe dream? That’s most likely because you are thinking of security as a set of tools or a specific department, instead of embracing the principles of the Open Web Application Security Project, OWASP. Thousands of the leading minds in security have contributed a lot of time and effort to lay out easy-to-follow guidelines and checklists that you can follow to make security much more manageable.

Yes, security incidents happen to all of us from time to time. But following the best practices, gathered and learned by industry leaders, can help you have a much better time while achieving better security throughout your organization.

In this talk you will hear:

Horror stories of security gone wrong
Navigational advice for parsing the OWASP offerings
Practical advice on how to test like a pro
Some immediate action items which won’t require any new tech investments to start down a better path.

Dwayne McDaniel

Developer Advocate at GitGuardian and huge fan of open source

Chicago, Illinois, United States
