Vandana Verma

Security Leader

Running an AppSec Program with Open Source (OWASP) Projects

We are all heading towards modernisation of applications. However, we still see the vulnerabilities like SQL Injection, Sensitive data exposure, and security misconfiguration etc. When the loopholes in applications (such as legacy, desktop, web, mobile, micro services) are exploited, it can give malicious actors access to the organisation’s data.

This is a fact that Breaches will happen and security flaws will exist, however what we can do is minimise the chances. This is when the AppSec program comes into picture.

Organisation, who wants to set up an AppSec program from scratch using open source tools especially the start ups. They need a security program which they can pickup and get started with their application. For Enterprises, they can leverage the open source projects to set up the proof of concept and go for the private or commercial tools.

OWASP has many projects which can be tied seamlessly into the application development pipeline structure. However, firstly we don’t know if the projects exist, second if we know about the projects, we do not know the exact working of the projects.

Here is the AppSec Framework which I have created and which might help you in setting up the program or picking up the open source tools.

I have given the talk at Defcon - AppSec Village. Here is the video of the talk covering the AppSec Framework


The slides associated with the video are here.