OWASP Vancouver Chapter

The AppSec Poverty Line: Minimal Viable Security with Tanya Janca

Not every team has a security budget. Not every project has a dedicated AppSec engineer. But every product exposed to the internet needs some level of security to survive.
This talk explores what I call “The AppSec Poverty Line” also known as ‘Minimal Viable Security” — the minimum viable set of practices, tools, and cultural shifts that under-resourced dev teams can adopt to meaningfully improve application security. Whether you're a startup with no security hires, an independent dev, or part of a team that doesn’t have a security budget, this talk will help you prioritize what actually matters.
We’ll cover practical approaches to getting from zero to secure-ish, with a focus on:

• Training developers to write more secure code, and spot unsafe code
• Cultivating a security-positive culture
• Leveraging open-source tools that punch above their weight
• Knowing when “good enough” really is enough — and when it’s not

Attendees will leave with a roadmap for building real-world security into their product lifecycle — without breaking the bank or burning out the team. Because even if you’re below the AppSec poverty line, you don’t have to be defenseless.

About our speaker
Tanya Janca, aka SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Secure Coding’ and ‘Alice and Bob Learn Application Security’. She is currently the CEO and secure coding trainer at She Hacks Purple Consulting. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 42nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software.

Details coming soon...

Details coming soon...

Details coming soon...