Building a High-Value AppSec Scanning Programme (SCA, SAST, DAST and more)
Application security scanning tools such as SAST, DAST or SCA have become a key part of most organizations' AppSec programmes. However, we repeatedly see that the effort they require is so high that it overshadows other important AppSec processes - without a comparable value benefit.

Many organisations find themselves drowning in possible vulnerabilities, struggling to streamline their processes and not sure how to measure their progress. If you use these tools in your organisation, this may sound familiar.

In this course (which includes content exclusive to Black Hat) you will build skills to address these problems and more (in a vendor-neutral way) with guidance on:

- Making these tools work effectively in your organisation
- Building efficient processes to operationalize the automated tools
- Developing a mindset for prioritizing application security vulnerabilities

To bring the course to life and apply your new skills, you will work in teams (or individually if you prefer) on table-top exercises. You will design processes for a sample scenario using specially designed templates and have the opportunity to defend your decisions to a simulated stakeholder. You will also practice evaluating real vulnerabilities to prioritise your remediation efforts and focus on what really matters.

Be ready to leave the course with clear strategies and ideas on how to get less stress and more value from these tools.

Skills / Knowledge
- AppSec
- Defense