During the recent OWASP AppSec Europe 2016 conference held in Rome, experts discussed the "where do I start?" topic with nearly 700 attendees from all over the globe. Here are tips drawn from those discussions and conversations.

Some of the topics in Part 1 of this SearchSecurity article series include:

1. The first steps to take to get started with an application security testing program
2. Evaluating dynamic application security testing (DAST)
3. Evaluating vs static application security testing (SAST)
4. A peek into the secure software development lifecycle (SSDLC)

Stay tuned for Part 2.