This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Learn More about the Application Security Leadership Essentials Class

Jump to: navigation, search

Leadership Essentials

Today, every business function relies on custom software applications. These applications are typically built under tremendous time pressure by internal or contracted developers to fulfill a specific business need. Organizations need to be able to trust that this software has appropriate security mechanisms to thwart attacks and that the code does not contain vulnerabilities. Even software product companies have an extremely difficult time achieving trustworthy code, and experience shows that most custom applications have far more vulnerabilities. Recent market trends show a clear pattern: organizations need an Application Security Initiative in order to achieve this level of trust in their custom-built applications.

This course will provide answers to some of the key questions you may have been challenged with:

1. Why is application security so important?

2. What are the most critical vulnerability areas to focus on and how?

3. What security tools and technologies do software projects need?

4. How do I establish an application security initiative in my organization?

5. How can I enhance my SDLC to include security activities?

6. How do I measure my organization’s progress in application security?

7. How can I get my developers to care about application security?

8. What teams and roles should I create to address application security?

9. How do I get a handle on the security of my entire application portfolio?

10. What is the most effective way of securing legacy applications?

This is the right course at the right time for any executive or manager who has decided that secure application development is a priority. The analyst community is helping CIOs understand just how critical the problem of insecure programming has become. For example the Robert Francis Group (a well-known application development analyst group) wrote:

“The lack of application security requirements and associated poor security focus in the development process can cripple business application security leading to significant revenue loss and perhaps liability claims from anyone impacted by this oversight. IT executives should review application development processes and direct development teams to build in security, rather than consider it after the application deployment.”

In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.


The intended audience for this course is:



Program Managers

Account Managers

Functional/Resource Application Managers

Technical Program/Project Managers (Chief Engineers)



Key/Technical Decision Makers

Learning Objectives

At the highest level, the objective for this course is to ensure that leaders and managers understand how to lead in a way that encourages application security and why that is important.

Topic and Learning Objective

Importance of Application Security - Be aware of secure application development and the value it brings

State of the Industry - Be able to compare your project with other comparable companies efforts in application security

Identifying Risks - Understand that application security risks and their associated business risks need to be identified for all applications

Security Areas - Be aware of the key security areas and understand the major threats to each

Managing Application Security - Understand application security root causes, analyze an organization’s capability and utilize proven techniques in planning and managing an effective application security initiative.

Process - Understand how to successfully integrate secure coding activities and techniques across the application development lifecycle

People - Be able to determine whether their team has the appropriate skills to build a secure application, and how to build teams with the required skills.

Application Security Technologies - Be familiar with common application security tools and technologies for building secure web applications and what security capabilities they provide