Can AppSec Training Really Make a Smarter Developer?

Wednesday, November 20 • 11:00 am - 11:50 am

Most application risk managers agree that training software developers to understand security concepts can be an important part of any software security program. Couple that with the Payment Card Industry, which mandates that developers have training in secure coding techniques, as laid out in its Data Security Standard. Yet others call developer training "compliance-ware," a necessary evil and a tax on software development in the enterprise.

This presentation shares the results of a yearlong survey of nearly 1,000 software developers that captures their knowledge of application security before and after formal training. The survey queries developers from various backgrounds and industries to better understand their exposure to secure development concepts and to capture a baseline for post-training improvements. The session also includes the results of a "retest" of a subset of respondents, to identify how much security knowledge they retained after a specific length of time. The results were surprising, and include information every application risk manager should know, particularly those who rely on training as part of an application security strategy.

Speaker:
John Dickson

I have spoken at the last three OWASP AppSec USA conferences as well as AppSec EU in 2011. I have most recently spoken at the ISC2 Security Congress and the SANS 2013 AppSec Summit.

John Dickson is a security professional, entrepreneur, and Principal at Denim Group, Ltd who spends most of his time helping CISOs run successful software security initiatives. He has over 20 years in the security field in both the commercial and government sectors. He’s an ISSA Distinguished Fellow and a frequent contributor to OWASP, ISSA, and other security organizations. John is also an ex-US Air Force officer who served in the Air Force Information Warfare Center and the Air Force Computer Emergency Response Team. He is currently also a member of the US Air Force Space Command Commander’s Group, and an Honorary Commander for the 67th Network Warfare Wing. John currently heads up San Antonio’s regional Cyber security economic development committee at the Greater San Antonio Chamber of Commerce, and is currently Chairman of the Texas Lyceum, a statewide leadership organization.