Building More Secure Apps is Not [only] Writing Secure Code

Just finished two Application Security Awareness workshops for major customer.

The audience is developers and major idea behind the workshop (two halves days) is to emphasize the security fights one need to manage throughout development lifecycle - NOT just before app deployment. So we had some presentations and then practices where we tried to plan our security for imaginary applications - one Internet and the other intranet, then we've done some code inspections looking for vulnerabilities and best practices.

I think it went pretty well - great evals I got back from attendees prove it

Enjoyed a lot.