#138 - Building Application Security Program - Derek Fisher

“Building an application security program is about ensuring security is built into the software development lifecycle and how to respond to vulnerabilities." Derek Fisher is the author of “Application Security Program Handbook”. In this episode, Derek shared about building an application security program and how to implement it in our organization. First, we discussed some security fundamental concepts, such as shift-left, CIA triad, and threat modeling. Derek then outlined how to start an application security program and measure the program’s success. Derek also touched on the security program maturity model and gave his tips on how to build and hire application security teams. Towards the end, Derek also gave his insights on how to address zero-day vulnerabilities when it becomes prominent.   Listen out for: Career Journey - [00:03:51] Building Application Security Program - [00:06:56] Shifting Left - [00:11:58] CIA Triad - [00:16:30] Threat Modeling - [00:19:04] Threat Classification - [00:2