During our work as penetration testers we found that a lot of the vulnerabilities being introduced in applications could have been prevented at an early stage of development. The latest trend is integrating security tooling into CI/CD pipelines. However, security tooling integrated in your security pipelines will not cover the whole attack surface, because the tooling can never understand the full context of the application's functions and logic. On the other hand, resources in the form of manual verification are often scarce and expensive. So what is the right balance, and how can we make the most impact? By guiding and training developers and enabling them to write secure software. We created a free-to-use, fully open-source online platform that enables you to learn about building secure software using materials from the best resources available and to practice them in hands-on labs. We currently have 3 different tracks that you can follow: Defensive secure coding, Offensive security testing and Infra security. Now you can have everything you need, training and guidance, for doing AppSec right! The aim of this talk is to guide everybody willing to take the maturity of their security in software development to a higher level.