Building a High-Value AppSec Scanning Programme

Understanding how to get better value from SAST, DAST and SCA tools.

Course Content

The course can be tailored to specific audiences or use cases. It has a set of standard topics which are covered and other topics which may be included.

Summary of standard topics covered

In this course you will learn how to address these problems and more, in a vendor-neutral way. Topics include:

  • What to expect from these tools
  • Customising and optimising these tools effectively
  • Building tool processes which fit your business
  • Automating workflows in CI/CD without slowing it down
  • Showing the value and improvements you are making
  • Faster and easier triage through smart filtering
  • Focusing on fixing what matters and cutting down noise
  • Techniques for alternative forms of remediation
  • Review of other key tool types
  • Other AppSec trends such as ASOC and ASPM

Exercises

To bring the course to life and let you apply what you learn, you will work in teams on table-top exercises. In these exercises you design processes to cover specific scenarios, explain and justify your decisions to simulated stakeholders, and practise prioritising your remediation efforts.

The exercises are based on specially designed process templates, which we provide and which you can use afterwards to apply these improvements within your own organisation.

Be ready to work in a group, take part in discussions and present your findings. You will leave the course with clear strategies and ideas on how to get less stress and more value from these tools.

Additional content which can be included

Other content can be included, depending on the preferences of the audience:

  • More detailed comparison of the different tool types covered, considering specific use cases
  • Overview of other high-value AppSec activities
  • Vulnerability aggregation, including a demo
  • More information on building a process around penetration testing
  • Deeper dive into other key aspects of an AppSec programme
  • Additional exercises on applying the course content to your own situation and next steps