[Owasp-leaders] Getting started in AppSec

psiinon psiinon at gmail.com
Mon Oct 20 16:36:34 UTC 2014


This thread got me thinking:

Just pointing people at the Testing Guide isn't really that helpful (as I
did, sorry!).
We have a Getting Started <https://www.owasp.org/index.php/Getting_Started>
page, but it's not exactly a simple starting point.
Jim started a related Twitter thread that I thought was very interesting:

So ... can we come up with a simple '5 point plan' (or whatever) for people
who are just starting out in appsec?
So I'm thinking about people on the development side of the business -
could be developers, team leaders or lower -> middle management.
They develop software, and they know they don't know enough about security.
What should their first steps be?

Maybe we can (should?) get this down to infographic levels - think that
simple (at a high level, the devil will always be in the detail).

I'd be very happy to be involved in something like this, but I don't think I
should lead it:
1. I don't have the time
2. It could end up being "Use ZAP for almost everything" ;)

Or have we already got an ideal initial introduction that I'm not aware of?


OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader