In today’s threat landscape, a single vulnerability in the code we write, the libraries we import, or the infrastructure we configure can lead to data breaches, downtime, regulatory fines, and eroded user trust.
This presentation dives into the CIS Controls Application Software Security Domain (Control 16 - https://www.cisecurity.org/controls/application-software-security), a respected framework for managing the full security lifecycle of in-house, hosted, and acquired software.

Tailored specifically for software engineers, the session highlights the real-world impact of insecure development practices and provides practical, actionable guidance drawn directly from the 14 safeguards in CIS Control 16. You’ll leave understanding why secure coding, threat modeling, vulnerability management, and secure design are non-negotiable parts of our daily work—and exactly how to apply them to prevent exploits before they reach production.

Agenda:
• The Critical Need – Why Software Security Is No Longer Optional
• CIS Control 16 at a Glance – The Official Framework for Application Security
• Core Practices Every Engineer Must Own (Core of CIS Control 16)Secure by Design & Development
• Vulnerability Management & Third-Party Risk
• Testing, Hardening & Separation
• From Awareness to Action – Making Security Part of Your Daily Workflow
• Key Takeaways, Q&A, and Your Next Steps