Discover your inner security engineer with this one weird trick (hackers hate it!)

In 2022 I prepared a talk aimed at non-security people who build software, such as developers and DevOps engineers. The aim was to introduce them to some key ways in which OWASP can help them level up their security knowledge and practices, either for free or very cheaply. I first delivered the talk at AllDayDevOps 2022.

The slides for the talk are here:

In this post, I am not going to reproduce the whole talk, but I want to provide the structure and, most importantly, the links in a more accessible way than a talk recording or slide deck.

Talk abstract

When it comes to security, we are all trying to figure out how to do more, in less time and with less budget. OWASP, the Open Web (and) Application Security Project, can bring you this and more.

However, with over 200 different projects and no easy way for someone outside the ecosystem to know where to start, some of the best resources might be the least known. In this talk, I will use my experience working with OWASP in a variety of areas to walk you through the key projects that can help you at different stages of your software security journey, such as those noted above. I will also highlight the less obvious benefits that it offers you, which could potentially save you time and money.

You will leave with ideas and tricks which you can immediately adopt in your day job to level up your security knowledge, impress your peers, and maybe have some fun along the way!

Talk structure

What is OWASP

Your first steps in OWASP…

Some projects you should know…

Projects to start with

Projects to mature with

Projects to watch