LASCON 2017, Oct. 24, 2017 to Oct. 27, 2017, Texas, USA

| Title | Speakers | Summary | Topic Types |
| --- | --- | --- | --- |
| Automating your own AppSec Pipeline with Docker and Serverless Computing w/ Matt Tesauro (Day 1) | Matt Tesauro | Any optimization outside the critical constraint is an illusion. In application security, the size of ... | |
| Web Application Hacking w/ Brandon Perry (Day 1) | Brandon Perry | The first day of this class focuses on teaching how to start finding and exploiting ... | |
| Modern Crypto Attacks for Pen Testers who Hate Math w/ Daniel Crowley (Day 1) | Daniel Crowley | In the same way that applications are difficult to design, code and deploy securely, cryptographic ... | |
| Keynote | Georgia Weidman, Chris Nickerson | N/A | |
| Won't somebody please think of the data! | Sarah-jane Madden | The greatest trust a client places in your company is when they make you the ... | |
| Security for DevOps | Shannon Lietz | Believe that your application isn't being abused? Have the impression that attackers only pay attention ... | |
| IoT and the Security of That Mobile App | Mark Loveless | Using research from multiple projects involving IoT and the accompanying mobile app, we'll take a ... | |
| It Was Broken When It Got Here! Security in your Software Procurement Process | Kevin Dunn | In 2017, Software Security is reasonably well understood. Thanks to the hard work of organizations ... | |
| Startup Security: Making Everyone Happy | Michael Mccabe, Brian Henderson | There is no doubt that security is a must for every company but for startups ... | |
| OAuth vs. SAML vs. OpenID Connect | Michael Schwartz | OAuth, SAML and OpenID Connect are the most important identity federation protocols in use today. ... | |
| The Rest of the Story: Securing a Raspberry Pi Home Monitoring System | Laurel Marotta | I love to tinker! I have been playing around with the Raspberry Pi for a ... | |
| Where we’re going… we won’t need passwords… | Matt Hajda | This session will cover a real-world approach to enterprise wide multi-factor authentication deployment at a ... | |
| Abusing Normality: Data Exfiltration in Plain Site | Aelon Porat | As a defender, you can recognize a potential compromise when a new WMI class appears ... | |
| Demystifying the Ransomware and IoT Threat | Christopher Elisan | We have seen a rise in Ransomware attacks in the past year. While we are ... | |
| Realizing Software Security Maturity: The Growing Pains & Gains | Mark Stanislav, Kelby Ludwig | Software security maturity is often diluted down to the OWASP Top 10, leaving organizations with ... | |
| Tangled Web: Defense in Deception | Herb Todd | "All warfare is based on deception. Hence when able to attack, we must seem unable; ... | |
| Equifax shows hackers have the first mover advantage. Lets close that gap. | Brian Fox | Bad hygiene is a bigger problem than you think -- Equifax is not alone 46,557 ... | |
| Improving dynamic vulnerability scanners with static code analysis | Caleb Coffie | Finding potential vulnerabilities in your source code is vital, but the two traditional methods for ... | |
| Serverless security: A pragmatic primer for builders and defenders | James Wickett | Serverless is the design pattern for writing applications at scale without the necessity of managing ... | |
| Your Security Tools are Just a Stop-Gap to Secure DevOps | Kevin Fealey | Many organizations are taking a tools-first approach to verifying the security of applications in their ... | |
| Are you ready for my call? Responsible Disclosure Preparedness | Jason Kent | I came across a flaw in an IOT device I have connected to my house ... | |
| Information Security Risk Assessment (ISRA): Lessons from the Front Lines | Karen Lu | Information Security Risk Assessment (ISRA) should be one of the most important ingredients in a ... | |
| IoT Assimilation: Resistance is Futile. | Mark Szewczul | Technology allows society to accelerate exponentially. People are connecting Things to the Internet but the ... | |
| From Zero to Zero-Trust: Lessons Learned Building a BeyondCorp SSH Proxy | James Barclay | The BeyondCorp model introduced by Google does away with placing trust in the network perimeter. ... | |
| Invited Speaker: Kevin Paige | Kevin Paige | Seasoned Information Technology & Security Leader with over 15 years of results, delivering solutions that ... | |
| AppSec Pipelines and Event-based Security: Moving beyond a traditional security test. | Matt Tesauro | Is software development outpacing your ability to secure your company’s portfolio of apps? You don’t ... | |
| Architecting for Security in the Cloud | Josh Sokol | The best part about creating new products and services in the cloud is the agility ... | |
| Threat Modeling For Secure Software Design | Robert Hurlbut | Threat modeling is a way of thinking about what could go wrong and how to ... | |
| Breaking into Security | Tommy Dew, Gisela Hinojosa | Are you ready to follow your passion as a Pentester but are unsure of how ... | |
| A Wake-Up Call - Information Security for Non-Profits, Foundations, and Charities | Kelley Misata | The last time you gave money or time to your favorite charity did you think ... | |
| Climbing the PacketFence | Robert Bogart, Dale Whiteaker-lewis | Implementing 802.1x port authentication in a corporate environment is hard enough, but to attempt it ... | |
| Phishing: It's Not Just for Pentesters - Using Phishing to Build a Successful Awareness Program | Joe Gray | Social engineering attacks remain the most effective way to gain a foothold in a targeted ... | |
| Leveraging Social Engineering in physical security assessment | Snow | Going past the wire Leveraging Social Engineering in physical security assessment Many organizations have started ... | |
| The Role of Empathy in Vulnerability Disclosure Practices for Software Vendors | Adam Goodman | There are guides and templates for how to write a security advisory and handle inbound ... | |
| Core Rule Set for the Masses: Lessons from taming ModSecurity rules at massive scale | Tin Zaw | Everyone who has used, or attempted to use, OWASP ModSecurity Web Application Firewall knows something ... | |
| Layer 8 and Why People are the Most Important Security Tool | Damon Small | People are the cause of many security problems, but people are also the most effective ... | |
| Malware Clustering | Srivathsan Srinivasagopalan | Malware clustering is an unsupervised similarity search technique where similar malwares are clustered together. We ... | |
| No one left behind : Security Defense through Gamification including CTFs | Kashish Mittal | Do you think that the Information Security training at your company gives an employee a ... | |
| How to Put the Sec in DevOps | Igor Matlin | Automation and DevOps have changed the way organizations deliver products. The shift towards DevOps made ... | |
| Invited Speaker | Chris Roberts | N/A | |
| Cloud Ops MasterClass: Lessons learned from a multi-year implementation of cloud automation at scale | Michael Osburn, Nathan Wallace | How can you effectively manage cloud operations for over 80 different agile DevOps teams? Automated ... | |
| Attack Vectors in Biometric Recognition Systems | Clare Nelson | Attack Vectors in Biometric Recognition Systems: Mobile Authentication Use Case, Blockchain, and More. Biometrics can ... | |
| Security Evaluation of Libraries | Trupti Shiralkar | The target audience for this talk is security engineers, software development engineers, software development managers, ... | |
| How to Create and Cultivate Community within the Cybersecurity Industry | Jessica Patterson | Coming soon. | |