Thursday June 25, 2026 1:15pm - 2:00pm CEST
Many AppSec programs fail because they try to run before they can walk. But in a world of ever-changing attack surface, the truth is: slow is smooth, smooth is fast, and 'smooth' is how we actually ship secure software at the speed of business.

This presentation outlines our multi-phased methodology for establishing an AppSec program. This approach emphasizes incremental, measurable, and sustainable goals throughout the journey. I will share the ‘why, what and how’ of each major business-tailored adoption of frameworks like OWASP SAMM, the Security Champions Guide and open source solutions. This talk will cover both cultural and technical aspects of the program, ranging from pushback from development to customization of language-specific SAST policies to measuring the value with KPIs.

Application security practitioners will be able to use the strategy shared in this talk to build and scale an AppSec program aligned with their business goals.
Speakers

Pramod Rana

Sr. Manager - Application Security Assurance, Netskope

Pramod Rana is the author of the following open source projects:
1) Omniscient - LetsMapYourNetwork: a graph-based asset management framework
2) CICDGuard - Orchestrating visibility and security of CICD ecosystem
3) vPrioritizer - Art of Risk Prioritization: a risk prioritization framework

He ha...
Hall K2 (Level -2)
