{"title":"Building an effective and efficient continuous web application security program","authors":"Ma Bang, Himanshu Saraswat","doi":"10.1109/CyberSA.2016.7503287","DOIUrl":null,"url":null,"abstract":"Most of organizations today either have some kind of web application security program or trying to build/enhance. However most of these programs are not getting expected results to organization, neither long lasting nor able to deliver value in continuous and efficient manner and also unable to enhance mind set of developers to build/design secure web applications. A strong application security program involves built in security into Application Development Lifecycle (S-SDLC), developing security guidelines and standards, creating awareness and security trainings, execute effective web application security assessment, establishing meaniningful security dashboards for each stake holder from executives, directors, program managers to developers.","PeriodicalId":179031,"journal":{"name":"2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA)","volume":"937 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2016.7503287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
Most organizations today either have some kind of web application security program or are trying to build or enhance one. However, most of these programs do not deliver the expected results to the organization: they are neither long-lasting nor able to deliver value in a continuous and efficient manner, and they fail to improve the mindset of developers to build and design secure web applications. A strong application security program involves building security into the application development lifecycle (S-SDLC), developing security guidelines and standards, creating awareness and security training, executing effective web application security assessments, and establishing meaningful security dashboards for each stakeholder, from executives, directors, and program managers to developers.