We will also cover a tiny bit of history, and quite a few definitions.
Below is a timeline of that history, for those who don't feel like taking notes.
• 1995 Netscape launches Bug Bounty Program
• “Smashing The Stack For Fun and Profit”, 1996
• OWASP Founded December 2001
• Microsoft’s Security Development Lifecycle, 2006
• Verizon Breach Reports start 2008, we ‘win’* often
• Formal AppSec and/or bug bounty programs are created at non-software companies
• AppSec has only just started to be taught in some post-secondary
• AppSec is considered a part of the main security priorities at most companies for the first time
Application Security 101 - Theory
Learn about creating and running an Application Security Program, from the ground up.
Lessons include: planning, launching, running, scaling, measuring and improving your AppSec Program. We will cover tooling, where to start, how to measure, setting up SLAs, creating a security champions program, developer education, and more. The course will include lectures, reading assignments, written exercises, quizzes, checklists, and handouts. You will be expected to complete exercises which you can bring back to your office for implementation.