Chapter 7 An AppSec Program - Alice and Bob Learn Application Security

Questions to be answer:

1. Give one reason why maintaining an up-to-date application inventory is valuable for any organization.

2. Give one example of an alert that your application could give. What type of behavior would cause such an alert, and why is it a problem?

3. Is testing the most important part of an AppSec program? If so, why? If not, why not?

4. Is it more valuable to buy a RASP or WAF tool (a shield for your applica- tion) or to spend that money on ensuring your code is secure? Explain your choice.

5. Describe a type of security incident that would require the assistance of developer. What would be needed of the developer?

6. If you could give software developers one tool to help them, what would it be? Explain your choice.

7. If you could give developers one learning resource, what would it be? Explain your choice.

8. What is the difference between SAST and SCA?

9. What is the difference between SAST and DAST?

10. Set a potential goal for your application security program at your office, a school project, or in a made-up place that you hope to work at some day. What goal did you set? Why did you choose this? How will you measure your progress?

11. Do you have current roadblocks stopping you from starting your first AppSec program where you work? If so, what are they? And better yet, how can you overcome them?

Buy the book

Take the course:

#tanyajanca #AppSec #devsecops #applicationsecurity #cloudsecurity