Marc French, Senior Vice President & Chief Trust Officer at Mimecast, led our September bootcamp, Application Security. His presentation focused on “The Rules of 8”: 8 core areas of appsec, with up to 8 tasks within each area, that taken together enable you to build your appsec team and processes.
Appsec is quite a niche field, so there are not many appsec professionals. It is nonetheless critical for securing the products you ship, whether they are external, internal, or SaaS-based.
Below are the top 6 of the core areas, along with a short summary of the key tasks:
- Know your bits – Take an inventory of what you have, including teams and what they build. Make sure this inventory is updated and refreshed.
- Building bits – Understand how and where products are architected and developed so you can inject a review process in the appropriate phases.
- Training – Train yourself, your team, and other stakeholders. This builds knowledge and credibility.
- Verifying your bits – Understand the bug tracking system, the source code systems and processes, and the QA processes. Then run scans to ensure everything is clean and safe prior to shipping.
- Deploy your bits – Know the product roadmaps, including new releases and code pushes. Understand the release engineering process and the code signing process.
- Open your bits to others – Set up third-party testing and validation.
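To make the "know your bits", "verifying your bits" and "deploy your bits" areas concrete, here is an added example (not from the presentation or from Mimecast) of a release gate that ties them together: it refuses to ship a build whose product is missing from, or stale in, the inventory, that still has open high or critical scan findings, or whose artifact digest does not match the release manifest produced by release engineering. The inventory, findings, artifacts, the 90-day refresh cadence and the blocking severities are all constructed assumptions for illustration.

```python
"""Release gate modelled on the bootcamp's inventory / verify / deploy areas.
Every piece of data below is constructed for illustration."""
from dataclasses import dataclass, field
from datetime import date, timedelta
import hashlib
import hmac

MAX_INVENTORY_AGE_DAYS = 90                 # assumption: inventory refresh cadence
BLOCKING_SEVERITIES = {"critical", "high"}  # assumption: findings that block a ship


@dataclass
class InventoryEntry:
    name: str            # product or component
    team: str            # who builds it
    last_reviewed: date  # when the inventory entry was last refreshed


@dataclass
class Finding:
    severity: str  # e.g. "critical", "high", "medium", "low"
    status: str    # "open" or "fixed"


@dataclass
class Release:
    product: str
    artifact: bytes
    manifest_digest: str  # hex SHA-256 recorded by release engineering
    findings: list = field(default_factory=list)


def stale_entries(inventory, today, max_age_days=MAX_INVENTORY_AGE_DAYS):
    """Names of inventory entries not refreshed within max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return [e.name for e in inventory if e.last_reviewed < cutoff]


def blocking_findings(findings):
    """Open findings whose severity blocks shipping."""
    return [f for f in findings
            if f.status == "open" and f.severity in BLOCKING_SEVERITIES]


def artifact_matches_manifest(artifact, manifest_digest):
    """Stand-in for the code-signing step: the shipped bytes must hash to the
    digest recorded in the release manifest (constant-time comparison)."""
    actual = hashlib.sha256(artifact).hexdigest()
    return hmac.compare_digest(actual, manifest_digest)


def release_gate(release, inventory, today):
    """Return the reasons a release must not ship; an empty list means go."""
    reasons = []
    entry = next((e for e in inventory if e.name == release.product), None)
    if entry is None:
        reasons.append("product not in inventory")
    elif stale_entries([entry], today):
        reasons.append("inventory entry stale")
    blockers = blocking_findings(release.findings)
    if blockers:
        reasons.append(f"{len(blockers)} open blocking finding(s)")
    if not artifact_matches_manifest(release.artifact, release.manifest_digest):
        reasons.append("artifact digest does not match release manifest")
    return reasons


# Constructed sample data.
TODAY = date(2018, 9, 15)
INVENTORY = [
    InventoryEntry("web-portal", "portal-team", date(2018, 8, 1)),   # fresh
    InventoryEntry("legacy-api", "platform-team", date(2018, 1, 10)),  # stale
]
GOOD_ARTIFACT = b"portal-build-42"
GOOD_RELEASE = Release("web-portal", GOOD_ARTIFACT,
                       hashlib.sha256(GOOD_ARTIFACT).hexdigest(),
                       [Finding("medium", "open"), Finding("high", "fixed")])
BAD_RELEASE = Release("legacy-api", b"api-build-7",
                      hashlib.sha256(b"api-build-6").hexdigest(),  # wrong build
                      [Finding("critical", "open")])
UNKNOWN_RELEASE = Release("shadow-service", b"x",
                          hashlib.sha256(b"x").hexdigest())


def demo():
    """Run the gate over the constructed releases; returns product -> reasons."""
    return {r.product: release_gate(r, INVENTORY, TODAY)
            for r in (GOOD_RELEASE, BAD_RELEASE, UNKNOWN_RELEASE)}


if __name__ == "__main__":
    for product, reasons in demo().items():
        print(product, "->", "SHIP" if not reasons else "; ".join(reasons))
```

The digest comparison stands in for whatever signing scheme release engineering actually uses; the point is that the gate consumes the manifest the release process produces rather than trusting the build that arrives at the deploy step.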
We have two more bootcamps planned, with a third in the works to close out the 2018 sessions.
October 1: Incident Response Plans/SOC
November 1: Physical Security