Monday, February 13 • 9:00am - 5:00pm
2 Day Training: Building a High-Value AppSec Scanning Programme

You bought the application security tools, you have the findings, but now what? Many organisations find themselves drowning in “possible vulnerabilities”, struggling to streamline their processes and not sure how to measure their progress.

If you are involved in using SAST, DAST or SCA tools in your organisation, these may be familiar feelings to you. In this course you will learn how to address these problems and more (in a vendor-neutral way), with topics including:
* What to expect from these tools
* Customising and optimising these tools effectively
* Building tool processes which fit your business
* Automating workflows using CI/CD without slowing it down
* Showing the value and improvements you are making
* Faster and easier triage through smart filtering
* How to focus on fixing what matters and cut down noise
* Techniques for various alternative forms of remediation
* Building similar processes for penetration testing activities
* Comparison of the different tool types covered

To bring the course to life and let you apply what you learn, you will work in teams on table-top exercises where you design processes to cover specific scenarios, explain and justify your decisions to simulated stakeholders and practise prioritising your remediation efforts.

For these exercises, you will work from specially designed process templates (which we will provide) that you can use afterwards to apply these improvements within your own organisation.

Be ready to work in a group, take part in discussions and present your findings. You will leave the course with clear strategies and ideas on how to get less stress and more value from these tools.

Speakers
Josh Grossman

Chief Technology Officer, Bounce Security
Josh has worked as a consultant in IT/Application Security and Risk for 15 years now as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA and has spoken and trained both locally and internationally...


Monday February 13, 2023 9:00am - 5:00pm GMT
Room: Liffey Meeting Room 5