You and your team have been working on some web apps and APIs for a few sprints now, and you may or may not already have a version running in production, when out of the blue, the client announces that a security company will do an assessment of your project. If your initial reaction to this news is either being scared or concerned, you're probably right. And you should probably attend this session.

During this session, I'll explain what is typically going happen during a security assessment, and show you how to prepare before the assessment happens: with code to apply security headers or tighten down attack vectors, and with a threat model to quickly identify how fast a project gains vulnerabilities. Not to scare you even more, but help you get the overview and identify where you can easily perform some quick yet safe wins.