LASCON 2016, Nov. 1, 2016 to Nov. 4, 2016, Austin, USA

| Title | Speakers | Summary | Topic Types |
| --- | --- | --- | --- |
| Taking your AppSec program to 11: Automation and AppSec Pipelines | Matt Tesauro | Any optimization outside the critical constraint is an illusion. In application security, the size of ... | |
| Threat Modeling Made Simple | Brad Andrews | A key part of protecting the systems we use is knowing the specific threats they ... | |
| Understand JavaScript and HTML5 Features to Secure Your Client-side Code | Ksenia Dmitrieva | This full-day course helps web front-end developers understand the risks involved with manipulating JavaScript and ... | |
| OWASP Top-10 (Free) | Josh Sokol | In this free training, application security experts Dan Cornell and Josh Sokol will walk developers ... | |
| Key Note: Shannon Lietz | Shannon Lietz | Award-winning leader in security innovation with experience developing emerging security programs for Fortune 500 ... | |
| Invited Speaker: Robert Hansen | Robert J. Hansen | Robert Hansen (CEO of Smart Phone Exec): Mr. Hansen has worked for Digital Island, Exodus ... | |
| Easy Mobile Hacking: Native and Hybrid Pitfalls | Aaron Guzman | After analyzing hundreds of mobile applications, it is easy to identify where most app developers ... | |
| A Physical Security Plan for Implementing ISO 27002 | Michael Marotta | This presentation is dedicated to Jayson Street who inspired me with his talk, “How Do ... | |
| Cryptography 101: A History and the Basics of Cryptography | Bryant Hagen | As long as someone wants to keep data safe from another person or group Cryptography ... | |
| Three profiles of OAuth2 for Identity and Access Management | Michael Schwartz | Anything unfamiliar is hard. Because of its newness, many developers initially struggle with OAuth2. This ... | |
| Doing Security in 100 milliseconds--The Speed of Serverless Computing | James Wickett | Serverless is awesome. It provides massive value in terms of simplicity and economics, enabling really ... | |
| Not all HTTPS sites are equally secure, make yours safer | Cassio Goldschmidt | The writing is on the wall: in the next few years all modern websites will ... | |
| Scanning IPv4 for Free Data and Free Shells | Jordan Wright | In recent years, we've seen a huge increase in the number of available databases and ... | |
| LangSec for the Masses | Joe Rozner | In the last few years LangSec has finally gained widespread exposure as a methodology and ... | |
| Trusted Execution: A Deterministic Approach to Application Security for Zero-Day Threat Prevention | Satya Gupta | While OWASP Top Ten exploits are well categorized and remain an ongoing part of SDLC ... | |
| Uninvited Guests on the World's Wild Web: Understanding Malicious Web Bots with OWASP Handbook | Tin Zaw | Day in and day out, web applications are subject to unwanted automated usage. These events ... | |
| Invited Speaker: Matt Johansen | Matt Johansen | Matt Johansen is the Director of Security at Honest Dollar, an Austin financial tech startup, ... | |
| Making Invisible Things Visible: Tracking Down Known Vulnerabilities at 3000 Companies | Derek E. Weeks | We studied the patterns and practices exhibited by 3000 high-performance software development organizations, and we ... | |
| Don't Touch Me That Way | David Lindner | With over 3.1 million applications in the Apple AppStore and Google Play Store, and more ... | |
| Hindsight isn't good enough: LANGSEC helps you take control of your security at runtime | Kunal Anand | Web Application Firewalls (WAFs) and analysis tools like Static Application Security Test (SAST) and Dynamic ... | |
| Invited Speaker: Dan Cornell | Dan Cornell | A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, ... | |
| Making Vulnerability Management Suck Less with a New OWASP Project, DefectDojo | Greg Anderson | In 2013, one security engineer stupidly opened his mouth in front of his leadership team ... | |
| Architecting a Security Program for the Future | Josh Sokol, Karen Lu | Twenty years ago when Acme Corp first started making widgets, things were very different. The ... | |
| Practical Physical Security Advice for the Modern Enterprise | Daniel Crowley | Physical security practices are often overlooked when considering the overall security posture for a company. ... | |
| It's 10pm, Do You Know Where Your Access Keys Are? | Ken Johnson | A large number of organizations are using AWS or are migrating to AWS. Security teams ... | |
| Could a few lines of code it all up! | Matt Rose | Could a few links of code f@#k it all up! March 2016. An anonymous open ... | |
| Cryptography Pitfalls | John Downey | We tend to do a poor job of implementing cryptography and other security measures in our ... | |
| Key Note: James Lee | James Lee | James Lee, better known as egypt, is a software developer and Open Source Community Manager ... | |
| Invited Speakers: Ernest Mueller: Lean Security | Ernest Mueller | Moving fast is a business imperative that you can’t afford to be in opposition to. ... | |
| Interact Differently: Get More from Your Tools Through Exposed APIs | Kevin Fealey | Most tools are designed with a single function in mind, but can often be leveraged ... | |
| It's All About That C-SURF, No Trouble | Dave Ferguson | What's with cross-site request forgery? A decade ago it was supposed to be a "sleeping ... | |
| Six myths of Information Security | Steve Horstman | The fast paced talk will cover 6 myths of information security including: 1. That this ... | |
| Invited Speaker: Jason Kent | Jason Kent | I like to help build automation for difficult problems. Got 10,000 applications? Let's figure out ... | |
| HoneyPy & HoneyDB | Phillip Maddux | This talk will provide a light intro to honeypots and their benefits, and highlight two ... | |
| Euro-mageddon: Updating your Security & Privacy Programmes for GDPR | Rebecca Shore-suslowitz, Bankim Tejani | In April 2016, the European Union ratified Regulation (EU) 2016/679, better known as General Data ... | |
| Why the LinkedIn hack could be your biggest AppSec threat | Mike Milner | In 2012, account takeover (ATO) resulted in more than $4.9 billion total losses, a 69% ... | |
| Cyber Security of IOT Dumped on Your Lap | Chris Walker | Human interface devices "endpoints" under the control of people are the thoughts of security experts ... | |
| Demystifying a Malware Attack | Christopher Elisan | The media reports different malware attacks, different lamentations from those affected and different opinions of ... | |
| Mind the CSP Gap: Challenges developing a meaningful Content-Security-Policy | Garrett Held | Learn from the challenges of getting CSP up and running without disrupting engineering teams. Initial ... | |
| Invited Speaker: Ryan Huber | Ryan Huber | Ryan Huber does security things at Slack. Before that Ryan Huber did other security things. ... | |
| API Security Best Practices & Guidelines | Prabath Siriwardena | API adoption in both consumer and enterprises has gone beyond predictions. It has become the ... | |
| Beyond The 'Cript: Practical iOS Reverse Engineering | Michael Allen | There is an app for everything these days. And if you are current on your ... | |
| Leveling up your bug bounty program | Charles Valentine | Top security programs are turning to bug bounties to leverage a vast array of skill-sets ... | |
| IOT Application Security - Are you exposing your home to an attack? | Jason Kent | As we all connect everything in our homes to the Internet, we need to seriously ... | |
| Go Purple! Adopt purple team strategy to augment Application Security Programs | Trupti Shiralkar | Lately, monolithic applications have been replaced by more complex and evolving micro-service oriented architecture. Moreover, ... | |
| Eradicating the Weakest Link in Global Corporations: Case Study of Practical Global Website Security | Tomohisa Ishikawa | One of the biggest challenges for a global corporation with many branches is the standardization ... | |
| Invited Speaker: Dave Kennedy | Dave Kennedy | N/A | |
| Avoiding Application Security Program Pitfalls | Cap Diebel | Leaders and managers in enterprises need to understand several key topics if they expect to ... | |
| Securing the Spark Fire Hose | Jack Mannino | Apache Spark is an awesome cluster computing framework used in big data analytics for stream ... | |
| Be Ready for BeyondCorp: enterprise identity, perimeters and your application | Aaron Zollman | Publishing an application inside an enterprise used to be easy: stick it behind the firewall ... | |