Your First 90 Days in a New AppSec Role
Episode Synopsis
📋 Show Notes

Secrets of AppSec Champions: Laying the Foundation of Application Security

In the inaugural episode of the multi-part series 'Decoding Application Security,' host Chris Lindsey and guest Anthony Israel-Davis, Product Security Manager at Fortra, dive into the fundamentals of building a successful application security program for large teams. They discuss essential first steps when starting at a new company, the importance of understanding the company culture, and the critical role of security champions. The conversation covers various aspects of application security, including the implementation of SCA, SAST, and DAST tools, the nuances of API and container security, and the importance of building strong relationships with developers and QA teams. Ultimately, the episode emphasizes the incremental and strategic approach necessary for managing and mitigating risks effectively in a complex software development environment.

❇️ Key Topics with Timestamps

00:00 Introduction to Software Building
00:59 Meet the Expert: Anthony Israel Davis
01:08 First Steps in a New Company
02:57 Understanding the Application Environment
04:54 Building a Solid Security Foundation
11:29 The Role of Static Analysis (SAST)
17:12 Empowering Teams with Security Mindset
22:07 Collaboration with QA for Security
24:47 Ensuring a Clean Build: Developer and QA Collaboration
26:17 Dynamic Scanning Explained
27:32 Regression Testing and DAST
28:05 Understanding DAST Results and Fuzzing
33:24 API Testing: A Critical Component
37:02 Containerization and Security
42:12 Building a Secure Development Process
46:39 Final Thoughts and Key Takeaways