Tickets
Agenda
Workshops
Speakers

Wednesday 

Room 2 

16:20 - 17:20 

(UTC±00

Talk (60 min)

The AppSec Poverty Line: Minimal Viable Security

Not every team has a security budget. Not every project has a dedicated AppSec engineer. But every product exposed to the internet needs some level of security to survive.

Application Security

This talk explores what I call “The AppSec Poverty Line” also known as ‘Minimal Viable Security” — the minimum viable set of practices, tools, and cultural shifts that under-resourced dev teams can adopt to meaningfully improve application security. Whether you're a startup with no security hires, an independent dev, or part of a team that doesn’t have a security budget, this talk will help you prioritize what actually matters.

We’ll cover practical approaches to getting from zero to secure-ish, with a focus on:

  • Training developers to write more secure code, and spot unsafe code
  • Cultivating a security-positive culture
  • Leveraging open-source tools that punch above their weight
  • Knowing when “good enough” really is enough — and when it’s not

Attendees will leave with a roadmap for building real-world security into their product lifecycle — without breaking the bank or burning out the team. Because even if you’re below the AppSec poverty line, you don’t have to be defenseless.

Tanya Janca

Tanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game.

Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger.

Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently works as Staff DevRel at Semgrep.