Application Security

The Role of Education in AppSec Culture

Implementing application security practices in a company goes far beyond performing tasks; it’s a culture to be cultivated. In this journey, education is a fundamental step. However, what exactly is education in an AppSec context? Who is responsible for ensuring the continuity of these activities in search of cultural transformation?

These were topics covered in the webinar The Role of Education in AppSec Culture, which took place on November 3rd, 2022.

To discuss the subject, we invited Daniel Dalalana, CEO of WSS Security, who spoke with our CEO, Wagner Elias.

But after all, what is education in AppSec?

Daniel and Wagner started the conversation by defining the differences between education, awareness, and training. They also addressed the importance of exchanging experiences between professionals with different backgrounds. “Sometimes the person with the least experience is the one who will ask questions that will put you in a position to build knowledge,” declared Dalalana. “And that’s what education is: an exchange between spaces for this knowledge construction, which goes far beyond this concept of acquisition”.

Why is Application Security not covered at college?

During the conversation, a pertinent question came through the chat: “Why is it common for undergraduate technology courses not to teach good practices for secure development?”. For Wagner, this is something natural. “This is a moment to learn the concepts, the fundamental basis for exercising our profession and solving problems”, he stated.

“There is no way to leave college prepared to deal with security – security is specialization. Now, what needs to be clear is that the foundation needs to be very good, so good that when you leave college, with little education, the security concepts will become clear”, he explained.

How to create AppSec awareness?

They also covered the challenges of AppSec awareness. “Awareness is not an occasional instruction, it is a continuity of cultural thinking. It’s a long-term thing. Forget ‘awareness week’, or punctual lectures, but of course, you have to start somewhere”, reinforced Dalalana.

Bringing security education and awareness to other teams in a company, such as Product, Design, and Marketing, was also a debated topic. Both agreed on the importance of each professional in a company having contact with the subject. “Everyone involved needs to understand the importance of security,” declared Wagner.

Discover People & Culture 

At Conviso, we know well the main problems faced by companies and the market when it comes to AppSec – and how to solve them. That’s why we created People & Culture, an advanced AppSec training solution that is integrated into your process. Our solution relies on gamification and secure code challenges, which are contextualized and based on your team’s main gaps – so that vulnerability correction is no longer a challenge and becomes a culture in your company.

About author


Communication Analyst at Conviso. With a degree in Journalism, she has 10 years of experience as a content strategist, as well as a content editor.