This OWASP Aarhus meetup is co-hosted with Systematic Software Engineering. By signing up, you consent to us sharing your name and email with Systematic Software Engineering solely for the purpose of visitor pass registration.
Agenda:
19:00 – 19:10 Welcome by Systematic Software Engineering and OWASP Aarhus
19:15 – 19:45 "A04:2021 – Insecure Design at Systematic" by Michael Ustrup, Software Security Architect, Systematic Software Engineering
About the presentation:
Michael lifts the veil on his pet project and gives an insight into how Systematic handles A04:2021 "Insecure Design".
19:45 – 20:30 Networking break including tapas and drinks
20:30 – 21:25 "How (not) to Engage Developers in AppSec" by Mads Schaarup Andersen, Lead IT Security Consultant, Cyber Strategy & Security Test, BankData
About the presentation:
Many appsec programs struggle to make developers engage with security. This ranges from mitigating pentest and security scanning results to simply following the security policy. This often leads to the conclusion that developers don't care about security. However, developers exist in a context where managers, company policies, and customer demands all influence how they prioritize tasks, and given the right circumstances, most developers do indeed want to build secure software. In this talk, based on experience, research, and methods from human-computer interaction, Mads will present the dos and don'ts of how to engage developers and successfully implement appsec.
About Mads:
Mads is currently working as a lead application security architect and has worked in security and privacy for more than 15 years. He has previously worked as a security and privacy consultant, worked in academic research, and has experience as a software engineer. His approach to application security and privacy is based on developer enablement and involvement through security champions programs - a mainly bottom-up approach where developers' main tasks and concerns are taken seriously. Furthermore, Mads's approach has a strong methodological foundation in human-computer interaction, with methods such as participatory design, design thinking, interviews, focus groups, and workshops.