A Case Study in Building an AppSec Program: 0–60 in 12 months
This case study will detail the implementation of an enterprise application security program at a financial software provider. Day 1 the organization had no application security program. Day 365 they had a comprehensive program with controls throughout the SDLC, feedback loops and effectiveness metrics. This case will highlight the controls implemented, resistance encountered and lessons learned.