[Owasp-leaders] Getting started in AppSec

Timur 'x' Khrotko (owasp) timur at owasp.org
Mon Oct 20 16:49:18 UTC 2014


+1!!
On Oct 20, 2014 6:38 PM, "psiinon" <psiinon at gmail.com> wrote:

> Leaders,
>
> This thread got me thinking:
> http://lists.owasp.org/pipermail/owasp-community/2014-October/000400.html
>
> Just pointing people at the Testing Guide isnt really that helpful (as I
> did, sorry!).
> We have a Getting Started
> <https://www.owasp.org/index.php/Getting_Started> page, but its not
> exactly a simple starting point.
> Jim started a related twitter thread that I thought was very interesting:
> https://twitter.com/manicode/status/523999242189570048
>
> So ... can we come up with a simple '5 point plan' (or whatever) for
> people who are just starting out in appsec?
> So I'm thinking about people on the development side of the business -
> could be developers, team leaders or lower -> middle management.
> They develop software, and they know they dont know enough about security.
> What should their first steps be?
>
> Maybe we can (should?) get this down to infographic levels - think that
> simple (at a high level, the devil will always be in the detail).
>
> I'd be very happy to be involved in something like this, but I dont think
> I should lead it:
> 1. I dont have the time
> 2. It could end up being "Use ZAP for almost everything";)
>
> Or have we already got an ideal initial introduction that I'm not aware of?
>
> Simon
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

-- 
This message may contain confidential information - you should handle it 
accordingly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141020/ac269437/attachment.html>


More information about the OWASP-Leaders mailing list