In this session from LeanAppSec Summer 2023, Amit Bagree (Head of Security, Rocket Lawyer) and Darren Meyer (Lead Solution Architect, Endor Labs) discuss the elements you may want to consider when starting an application security program from scratch.
0:00 - Introduction
2:55 - Understand your organization's business model and risks
5:30 - Get visibility with scanning (DAST/SAST)
7:40 - Create basic threat model
14:40 - When to invest in application security budget and staffing
18:50 - Reporting structure for application security teams
23:18 - Security champions program for developers
26:30 - Showing ROI for security programs
31:25 - Balancing developer time on business value vs security work
39:50 - Tactical first steps to focus your efforts
41:53 - Advice for CEOs and CTOs
—Learn More—
What is reachability-based dependency analysis?
https://www.endorlabs.com/blog/what-is-reachability-based-dependency-analysis
—LeanAppSec by Endor Labs—
LeanAppSec is an application security educational program by Endor Labs. It includes quarterly live events featuring industry experts (like this video) and on-demand courses.
https://www.leanappsec.com/
Follow on LinkedIn https://www.linkedin.com/company/leanappsec
—Endor Labs—
Follow Us on LinkedIn https://www.linkedin.com/company/endorlabs
Learn More About Endor Labs https://www.endorlabs.com/