A Good First Impression Can Work Wonders: Creating AppSec Training That Developers Love

Good vulnerability response practices are critical to software security. But good vulnerability response practices work even better on software built with security in mind.

At Segment, we use vulnerability report data and gamification to help our developers grow their security mindset. In this session, we’ll explain our two-tiered approach: first presenting vulnerability report and pentesting trends to help teach where vulnerabilities have been identified in the past, and then teaching our team how to hunt for and report security bugs they’ve found.

We’ve found this approach really helpful for increasing security before release, almost eliminating one class of vulnerability reports. In this session, I’ll talk about the details of how we do this security training. See if you think this could help you!

LocoMocoSec 2019