Links and materials for Scaling AppSec With an SDLC for Citizen Development
Links, demos, tools and slides for RSAC 2025

This is a post with all of the links and additional materials for a talk with Microsoft’s Ryan McDonald at RSAC 2025 titled Scaling AppSec With an SDLC for Citizen Development.
Abstract:
AppSec programs are difficult: too many vulnerabilities, overloaded staff and inadequate budgets. The era of Citizen Development, where non-IT folks develop code, often using LCNC tools, brings new challenges. The traditional approach of keeping scope narrow and focusing on crown jewels will no longer work. This session will reveal a solution for increasing the program's scope while still achieving remediation.
Resources
- Deck: TBD
- Talk: Your Copilot Is My Insider at RSAC 2025
- Talk: Sure, Let Business Users Build Their Own. What Could Go Wrong? at BHUSA 2024
- Talk: Living off Microsoft Copilot at BHUSA 2025
- Talk: All You Need Is Guest at BHUSA 2024
- Demo: Scan your tenant for publicly-facing copilot bots with Copilot Hunter
- Demo: Hijacking Microsoft Copilot to be your malicious insider
- Demo: Spyware injection into ChatGPT’s long-term memory
- Tool: Power Pwn, an offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform
- Link: The GenAI Attacks Matrix
- Link: Power Platform Docs
- Link: OWASP LCNC Top 10
- Link: OWASP LLM Top 10