SafeStack Blog

Keep up to date with the latest news and trends in secure development and security culture with our articles, templates, and resources.

Featured Articles

OneHourAppSec | The SafeStack Team

Sprint #8: Get Playful with Threat Modeling


Read More
OneHourAppSec | The SafeStack Team

Sprint #7: Getting on with an SBOM

This sprint, we’re going to build an artifact to support the work we did in sprints five and six. In the last two sprints, we looked at how we choose technologies to integrate into our software. In this sprint, we will learn about a common way to communicate this list of technologies: the SBOM (Software Bill of Materials). Increasingly required for regulation and compliance, and even to sell to larger organizations, your SBOM may end up being more important than you realize.

Read More
OneHourAppSec | The SafeStack Team

Sprint #6: Looking after your libraries

This sprint we look at what happens to those libraries once we have them in place and what we need to do from a security perspective to keep them, and us, safe:

- Understanding why 3rd party components can pose a risk to our software supply chain
- Examining a 3rd party library from a security perspective and learning what to look for
- Putting a lightweight process in place for accepting new components into your stack

Read More
OneHourAppSec | The SafeStack Team

Sprint #5: Making good library choices

This sprint we take a look at how we choose new components, what the risks are, and take some steps to make things safer:

- Understanding why 3rd party components can pose a risk to our software supply chain
- Examining a 3rd party library from a security perspective and learning what to look for
- Putting a lightweight process in place for accepting new components into your stack

Read More
OneHourAppSec | The SafeStack Team

Sprint #4: Securing your source code

This sprint we will take a look at some of the foundations of securing our source code:

- Examine the ways in which source code can be vulnerable and what steps we can take to protect it
- Review the source code security for a project and take steps to improve it

Read More
OneHourAppSec | The SafeStack Team

Sprint #3: Embracing laziness

This sprint, we will take a look at some of the repetitive, boring parts of keeping your applications secure and then show you ways to do less work:

- Explore the jobs to be done in application security, how frequently they need to be done, and what’s involved
- Find ways to automate common appsec jobs and make our lives easier

Read More
OneHourAppSec | The SafeStack Team

Sprint #2: How bad can it be

Something will eventually go wrong. This sprint we come to terms with that and take the drama out of it by preparing for the (somewhat) inevitable:

- Understanding what we should do if something does go wrong (from a security perspective)
- Understanding how to determine how serious an incident is in our context

Read More
OneHourAppSec | The SafeStack Team

Sprint #1: Start where you are

Welcome to the first sprint of OneHourAppSec. We’re so thrilled to have you here with us, dedicating your time to application security. How good! This sprint we will lay the foundations for the work ahead of us. Our sprint goal is two-fold

Read More