Sprint #1: Start where you are

Welcome to the first sprint of OneHourAppSec - we’re so thrilled to have you here with us, dedicating your time to application security. How good!

This sprint we will lay the foundations for the work ahead of us. Our sprint goal is two-fold:

  • Understanding what software you have so we can plan to secure it

  • Understanding the concept of security debt and making sure we can track it

There is a lot to do but we will do it in small chunks to make it more manageable.

Let’s get into it 👏

Activities

📽️ [VIDEO] Introducing Sprint 1 (5 minutes)

This first sprint video explains the theme and what to tick off.


🎮 New Member Survey (5 minutes)

OneHourAppSec is trying something huge for secure software worldwide. To help us understand our members, we have a very short survey. It's just seven questions, with zero personal information, in five minutes of your first sprint.


📽️ [VIDEO] What is a System Register, and why do you need one? (5 minutes)

We dive into what security debt is and how to set up mechanisms for tracking it.


📑 Create your own System Register (25 minutes)

Ready to create a System Register? Great, we have built a template to get you started.


📽️ [VIDEO] What is a Security Debt and why does it matter? (5 minutes)

We dive into what security debt is and how to set up mechanisms for tracking it.


📑 Start Tracking Security Debt (10 minutes)

We are going to identify lots of security debt during the course of OneHourAppSec. That's normal and we don’t judge. Now is a great time to set up a security debt tracker in your ticketing or issues tool.


📽️ [VIDEO] Watch-Along - Building a Security Debt Tracker (5 minutes)

Looking for inspiration? Watch Laura build her own security debt tracker.

