Appsec Phoenix



A comprehensive journey through the modern techniques for implementing DevSecOps, Application Security & Cloud Security

A Modern Approach to Application & Cloud Security

This is a collaborative document that aims to include the thoughts of modern AppSec leaders.

We wrote this document with industry leaders to focus on how to implement application & cloud security in the modern organization.

The book is a collection of methodologies from practitioners.

Who helped us create this report

The current state of application security is that we do not have enough qualified individuals, with relevant training and experience, to do all of the work that we need doing.

Tanya Janca Shehackspurple

Because most breaches can be traced back to code and we have the data to show this, it’s clear that security is a non-functional requirement for good code and a question of code quality. The only way to improve the quality of that code is to ensure that developers know what good looks like (through awareness and education) and that they are empowered (through tooling and processes) to produce code that meets the mark.

Grant Ongers Secure Delivery

It would not be hard to argue that AppSec is the most difficult part of infosec today. Security needs to get out of our organizational silos and be proactive, helpful partners to the Application development teams who are in the midst of navigating a generational change in SDLC process and architecture. Ensuring that we have an awareness of how, where, and what attackers are doing to apps in production as well as having a clear bug identification and remediation strategy are both fundamental to building an effective defensive strategy that both development and security teams can carry out.

Andrew Peterson Signal Science

“The key to building secure software is knowledge” Even the most automated security pipelines rely on someone to interpret the results and take proper action, which boils down to security knowledge.

Dr. Philippe De Ryck Pragmatic Web Security

Vandana is a seasoned security professional with experience ranging from application security to infrastructure, and now deals with Product Security. She has been a keynote speaker, speaker and trainer at various public events, ranging from Global OWASP AppSec events to BlackHat events to regional events like BSides events in India. She is part of the OWASP Global board of directors. She also works in various communities towards diversity initiatives such as InfosecGirls and WoSec.

Vandana Verma SNYK

Nicole Becher is currently the Director of Information Security & Risk Management for S&P Global Platts, a leading provider of energy and commodities information and benchmark price assessments in the physical commodity markets. In this role, she works with both technology and business leadership to ensure security is built into the strategic plans of the organization, especially as new technology is deployed.

Nicole Becher Google

Chris Sellards has a Doctor of Science in Cybersecurity from Capitol Technology University. His dissertation was a quantitative study focused on DevSecOps. He has 24 years of experience in IT, over 20 years in information security, and 15 years working with application security. He has built AppSec programs in the medical, financial services, and insurance industries. He has developed the strategy driving AppSec programs aligned with business security requirements (both for in-house dev teams and outsourced) and has done the hands-on work implementing automated SAST into multiple DevOps pipelines and analyzed findings with developers to identify false positives, tuning queries, setting up incremental scans, and integrating output with tracking tools. He currently serves as Director of Security Architecture & Engineering at The Argo Group and as an Adjunct Professor at the University of Texas at San Antonio.

Chris Sellards

Francesco is an executive, public speaker and out-of-the-box thinker. He is the CEO of AppSec Phoenix, a cybersecurity unicorn start-up revolutionizing the way organizations do vulnerability management, and Managing Director of NSC42 Ltd, a UK-based cybersecurity consultancy. As an executive, he loves to stay close to the technology but to keep it simple.

Francesco Cipollone AppSec Phoenix Founder

    Why we came together to write this report

    Application security is a growing concern for boards and organisations. We’ve seen a rise in focus on application security as more and more elements in the organisation become code-driven. According to a recent survey of C-suite users, 53% of respondents indicated that “cybercrime and data breaches” are the number one concern for cybersecurity. [IBM Study]


    So why do criminals (not hackers) attack an organisation? Mostly for financial reasons, although there are exceptions (see later in the report). Verizon’s Data Breach Investigations Report (DBIR) finds that 86% of data breaches are financially motivated—up 15% over the previous year. In contrast, espionage—the second-highest motive—declined from 2018 to 2020.


    What was our mission

    With more code and more vulnerabilities being disclosed, we decided to combine our energy to create a modern book for DevSecOps practitioners and security specialists.

    The book focuses on data breach statistics and how they are linked to application security, and dives further into the potential methodologies (the HOW) and solutions (the WHAT).

    Appsec zero to hero

    DOWNLOAD the FREE book on Application & Cloud Security

    This is a community effort. We ask for only one token in exchange: your contact details, so we know if you are interested. We promise not to spam. Download for free the revolutionary book on Application & Cloud Security.
