"Running a Scalable AppSec Program Using Open Source" by Spyros Gasteratos

OWASP New York City Chapter

Online event

Application security is a multidisciplinary effort. A solid culture, good training, extensive tooling and exceptional common libraries are all necessary to achieve the required results. While some vendor-based solutions help accelerate the process, this isn’t always the best option for a startup.

This talk tells the story of how we achieved acceptable results using an Open Source approach to save time and money. It highlights our failures and the points where simply committing to spending money would have been easier. Lastly, we’ll talk about how we measured the outcome and how we gathered those metrics.

This talk is for anyone interested in implementing an AppSec programme within their org or looking to mature an existing one. We’ll go through the automation and the maturity levels of each step, along with how to measure effectiveness.

Speaker Bio:

Spyros Gasteratos (@0xfde) is the AppSec lead at the FinTech startup Thought Machine. He contributes to several Open Source projects, including Dracon, OWASP Integration Standards and OWASP Security Knowledge Framework. Also, he usually doesn’t speak about himself in the third person.

- OWASP Project Integration Standards: https://owasp.org/www-project-integration-standards/

- OWASP Security Knowledge Framework: https://owasp.org/www-project-security-knowledge-framework/