ABSTRACT

Application security (AppSec) professionals and practitioners on the security team have only influence as their tool for change. The Certified Secure Software Lifecycle Professional (CSSLP) is the only certification in the industry that ensures that security is considered throughout the entire lifecycle. The CSSLP Common Body of Knowledge contains the largest, most comprehensive collection of best practices, policies, and procedures to help improve AppSec across all phases of application development, regardless of methodology. The Open Web Application Security Project (OWASP) advocates approaching AppSec as a people, process, and technology problem, because improvements in all of these areas are proven to be effective approaches to solving AppSec problems and advancing the practice. Universities across the world have dramatically increased their offerings of bachelor’s and master’s degrees in information security, some of which allow students to concentrate on AppSec; but no public university has a comprehensive software security program such as the one the SANS Institute offers.