The State of AppSec in NZ - 2022

John DiLeo (OWASP New Zealand)

There are any number of ’experts’ and textbooks on application security (AppSec), ready to tell you all the things you should be doing to secure your organisation’s applications and data. But how do the things you’re actually doing stack up against what other New Zealand businesses do?

To help answer this question, we developed the “State of Application Security in New Zealand” industry survey. This presentation will outline our objectives and methodology, summarise the survey results, and highlight New Zealand enterprises’ successes - and opportunities for improvement - in securing the software we rely on.

I’ll follow up with lessons learned from our first annual effort, planned improvements for next year’s survey, and my work to generalise and publish the tools as an OWASP Project.

About John

Dr. John DiLeo is a Principal Consultant on Datacom New Zealand’s Application Security Services team, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs. He volunteers his time as the Auckland-area leader of the OWASP New Zealand Chapter and Chair of the annual OWASP New Zealand Day conference.

Before turning to full-time roles in application security, John was active as a Java enterprise architect and Web application developer. In an earlier life, John built discrete-event simulations of large distributed systems.

John is on the core team for the OWASP Software Assurance Maturity Model (SAMM) Project, and is active on the OWASP Education and Training Committee.