AppSecCali 2017, Jan. 23, 2017 to Jan. 25, 2017, California, USA

Title | Speakers | Summary
OWASP Top 10 - Exploitation and Effective Safeguards | David Caissy | AppSec California 2017 OWASP Top 10 – Exploitation and Effective Safeguards Monday, January 23rd, 2017 ...
Real World Red Team Attacks | Peter Kim | The days of exploiting MS08-067, encoding with Shikata Ga Nai, and blindly scanning are gone. ...
Secure Coding Bootcamp for the Web | Jim Manico | Secure Coding Bootcamp for the Web The major cause of web insecurity is the lack ...
The Best TLS Training in the World | Scott Helme | Spend a full day to understand both the theory and practice of SSL/TLS. Designed by ...
Welcome Address | Richard Greenberg, Edward Bonver | N/A
Oscar Whiskey Alpha September Papa | Tom Brennan | Organizations are reporting that they have more technical staff on hand than ever before. Interoperability ...
Opening Keynote: Scaling a Software Security Initiative: Lessons from the BSIMM | Gary McGraw | This talk highlights important lessons in scaling the software security touchpoints described in the book ...
The Physical Web, interact with anything | Scott Jenson | Introduction to the Physical Web and how it works hard to protect users' privacy. I'll ...
Threat Modeling for Mobile | Amit Sethi | How do you know how to build your application securely, or what to look for ...
SPArring with the Security of Single Page Applications | Dan Kuykendall | When SPArring with the security of a Single Page Application (SPA) you need to be ...
Adding PowerShell to your Arsenal with PS>Attack | Jared Haight | PowerShell is an incredibly powerful language with a lot of support from the offensive community, ...
Protecting container applications with file system whitelisting | Chenxi Wang | Container technologies like Docker are gaining mainstream interest from development organizations. Unlike virtual machines, containers ...
Twubhubbook: like an appsec program, but for startups | Neil Matatall, Brent Johnson | It’s 2025. Many of the problems in appsec in <%= current_year %> have mitigations, maybe ...
Serverless is teh Hawtness for Defenders and DevOps | James Wickett | Serverless is a design pattern gaining a lot of traction in DevOps shops. The serverless ...
Crowdsourced Security: The Good, The Bad, and The Ugly | Caroline Wong | Cost, quality, and coverage. These are the three major factors that security professionals must consider ...
Monitoring Application Attack Surface to Integrate Security into DevOps Pipelines | Dan Cornell | A web application’s attack surface is the combination of URLs it will respond to as ...
Uninvited Guests on the World's Wild Web: Understanding Malicious Web Bots with OWASP Handbook | Tin Zaw | Day in and day out, web applications are subject to unwanted automated usage. These events ...
Dissecting Browser Privacy | Yan | It's no secret that users are being tracked across the web via cookies, supercookies, and an ...
InfoSec at Peak Prevention | Daniel Miessler | We're all familiar with Peak Oil--a concept that says there's a limit to how much ...
#securityselfie (size up your appsec program with new metrics) | Jim O'Leary | Hacking around to find cool bugs is one thing; securing a codebase is another. How ...
A Hybrid Approach for Web App Penetration Testing | David Caissy | According to Symantec Internet Security Threat Report 2016, 78% of scanned websites have vulnerabilities, of ...
The Road to Free Certificates is Paved with Good Intentions | Jillian Karner | Let's Encrypt has been a success for the open source community and for privacy in ...
Java LangSec: New Security Controls in Java 8 and 9 | Jim Manico | Secure software requires making a wide variety of security controls available to the developer. These ...
Essential TLS Hardening for Better Web Security | Justin Mayer | Given the ubiquitous nature of the web, security professionals must do everything they can to ...
Panel: Women in Security | Chenxi Wang, Kelly Fitzgerald, Deidre Diamond, Marian Merritt, Julie Medero | Girls Who Code. Lean In. Grace Hopper. Women in Cybersecurity. Brain Babe. With so many ...
Make me a sandwich: Automating a custom SecDevOps pipeline | Tony Trummer, Patrick Albert | The Continuous Integration and Extreme Programming models, coupled with A/B testing make it nearly impossible ...
Keynote: Machine Learning — Cybersecurity Boon or Boondoggle | Zulfikar Ramzan | Machine Learning has seemingly become the latest shiny new object in cybersecurity. While machine learning ...
AppSec Pipelines and Event-based Security: Moving beyond a traditional security test. | Matt Tesauro | Is software development outpacing your ability to secure your company’s portfolio of apps? You don’t ...
Serverless! The holy grail of security operations (?) | David Cuadrado, Santiago Kantorowicz | Let's face it, security operations is time consuming, more often than not new paradigms surface ...
AWS Survival Guide | Ken Johnson | An increasing number of organizations are using AWS or are migrating to AWS. Security teams ...
DASTProxy: Don’t let your automated security testing program stall on crawl. Instead focus on business context. | Srinivasa Rao, Kiran Shirali | Many automated security programs look at crawling through a website before testing as a measure ...
Finding the Unicorn; the leader to spearhead your AppSec program | Sandeep Singh Nain | Finally we are at a stage where Application Security is considered more or less an ...
Scaling Security Testing at the Speed of DevOps | Roger Seagle | Recent software development trends, namely DevOps, Continuous Integration, Continuous Delivery, and Continuous Deployment, have empowered ...
Want to be secure? Eliminate passwords. If you don't have a password, it can't be stolen! | Jack Bicer | User IDs and passwords not only allow us to authenticate our accounts and online payments ...
HSTS, TLS, HPKP, CSP: putting them all together to move to HTTPS | Julien Sobrier, Sun Hwan Kim | Moving a large website with many user customizations to HTTPS is not easy as it ...
A Case for Integrity: JavaScript Apps Should Have it Too | Pedro Fortuna | JavaScript Web Applications are being used by virtually all tech companies in the world today, ...
When Bandit(s) Strike - Defend your Python Code | Will Bengtson, Travis McPeak | Bandit is an open-source tool designed to discover common security flaws in Python code. Although ...
An SDLC for the DevSecOps Era | Zane Lackey | The standard approaches for web application security over the last decade and beyond have focused ...
CSP: The Good, the Bad and the Ugly | Ilya Nesterov | The W3C Web Application Security workgroup worked really hard to establish new standards to improve security ...
Life of a Password | Arvind Mani | Imagine an attacker who can update records on your website’s user password database. Is it ...
Continuous security: Bringing agility to the secure development lifecycle | Rod Cope | The fact that software development is moving towards agile methodologies and DevOps is a given, ...
OCSP Stapling in the Wild | Devdatta Akhawe, Emily Stark | Certificate revocation is a messy problem; certificate revocation lists and mid-handshake OCSP checks have proven ...
"Stealth" Authentication - how to not leak information to hackers in web application authentication | Marc Bütikofer | Web application authentication systems often unnecessarily leak valuable information to hackers and thus enable user ...