GlobalAppSec-DC 2019 Sept. 9, 2019 to Sept. 9, 2019, Washington, USA

Title | Speakers | Summary
Applying Security Engineering Principles to Complex Composite Systems | Neal Ziring | Modern web applications and systems have grown increasingly complex in the 18 years since OWASP ...
A Structured Code Audit Approach to Find Flaws in Highly Audited Webapps | Simon Scannell | WordPress is a highly popular content management system used by over 33% of all websites ...
Non-Political Security Learnings from the Mueller Report | Arkadiy Tetelman | The Mueller Report was split into 2 volumes, focused on 1) Russian interference in the ...
Security & Chaos Engineering: A Novel Approach to Crafting Secure and Resilient Distributed Systems | Aaron Rinehart | Security today is customarily a reactive and chaotic exercise. Modern systems pose a number of thorny ...
Securing Serverless by Breaking-in | Hayley Denbraver | Serverless rocks the security boat. Ad-hoc servers we don't manage rid us of certain security ...
Secure Medical Device Deployment Standard | Christopher Frenz | Christopher Frenz is the AVP of Information Security for Interfaith Medical Center where he worked ...
Owning the Cloud through SSRF and PDF Generators | Ben Sadeghipour | With how many apps are running in the cloud, hacking these instances becomes easier with ...
OWASP Find Security Bugs: The community static code analyzer | Philippe Arteau | The Web application development lifecycle has numerous security activities. For developers, code review is a ...
Insider Threat Assessments: A methodology for improving insider threat deterrence and detection | Ben Stewart | Giving organizations a proactive, situational procedure to validate their insider threat program reduces gaps in ...
Shift left, shift right, or run security right through the middle? | Meera Rao | With software security blunders making headlines and businesses under increasing pressure to deliver software faster, ...
Cryptocoin Miners vs Machine Learning | Jonn Callahan | This talk will be a walkthrough of how I built a detection engine focused on ...
Secure Coding Dojo | Paul Ionescu | The Secure Coding Dojo is a platform for delivering security training for developers. The platform ...
DevSecOps: Essential Pipeline Tooling to Enable Continuous Security | Richard Mills | As we embrace DevOps to optimize our Agility, we start pushing working code toward production ...
Making a Change, One at a time - Diversity: More than just Gender | Vandana Verma | There have been a lot of conversations around diversity and inclusion in the recent past. ...
Building Secure Password-less Web Applications using WebAuthn | Krishna Puthanveetil | According to the 2019 Verizon Data Breach Investigation Report, 81% of breaches were caused by ...
Securing Modern Applications: The Data Behind DevSecOps | Derek E. Weeks | Hackers took three days to identify and exploit a known vulnerability in Equifax's web applications. ...
Building Secure React Applications | Jim Perris | Cross-Site Scripting (or client-side JavaScript injection) and other client-side risks are well known technical challenges ...
Quantifying the Security Benefits of Debloating Web Applications | Babak Amin Azad | As software becomes increasingly complex, its attack surface expands, enabling the exploitation of a wide ...
Beyond data-at-rest: Advances in Native NoSQL Database Encryption | Kenneth White | Highly sensitive databases require enhanced technical measures to protect the confidentiality of their workloads. Typical ...
Running FaaS with Scissors | Matt Tesauro | Taking a DevSecOps mindset has created many opportunities to nudge organizations into improving how we ...
A Case Study in Scaling Oversight | Mike Samuel | Learn how a seemingly inconsequential code pattern enables development teams to bound the amount of ...
The As, Bs, and Four Cs of Testing Cloud-Native Applications | Dan Cornell | Security assessments are a critical part of any security program. Being able to identify – ...
Fighting Formjacking and Magecart - Separating fact from fiction | Avital Grushcovski | Formjacking attacks are simple and lucrative: cybercriminals load malicious code onto retailers' websites to steal ...
What Do Hackers Want from Bounty Programs? | Yakov Shafranovich | Bounty programs are all the rage these days, but what do hackers / researchers think ...
Keynote: Talent matters. You matter. | Caroline Wong | The internet wasn't built with security in mind, the world has a massive talent shortage, ...
A Purple Team View of Serverless and GraphQL Applications | Abhay Bhargav | The presentation will begin with a quick refresher on Serverless functions and GraphQL Applications. The author ...
OWASP Serverless Top 10 | Tal Melamed | In moving to serverless, we shift some security responsibilities to the infrastructure provider by eliminating ...
0 to 1 Startup Security | Coleen Coolidge | Have you ever wondered what it takes to bring a startup from "zero security" to ...
SSO Wars: The Token Menace | Alvaro Mirosh | It is the year 2019. Humanity has almost won its long-standing war against Single-Sign On ...
Keys Under Doormats: Problems and Solutions for Securely Storing Credentials in Web Applications | Dmitriy Craig | Encryption keys and passwords are truly "keys to the kingdom." Acquiring them allows attackers to ...
How to Build an AppSec Training Program That Isn't Boring | Brice Williams | Training plays a critical role in software security because developers often start with little security ...
A Practical Guide to Complying with SB-327 (Information Privacy of Connected Devices) | Farbod H Foomany | Senate Bill 327 sets a new standard for the security and privacy of connected devices. ...
A Day in the Life of IoT Security Architect | Praveena Sridhar | How different IoT Security is from typical traditional Security architecture, tasks performed by the ...
Farewell, WAF - Exploiting SQL Injection from Mutation to Polymorphism | Boik Su | In this talk, we'll not only go through the core ideas and concepts of the ...
Common API Security Pitfalls | Philippe de Ryck | The shift towards an API landscape indicates a significant evolution in the way we build ...
A DevSecOps Tale of Business, Engineering, and People | James Wickett | DevOps and the subsequent move to bring security in under the umbrella of DevSecOps has ...
Threat Modeling with Flow Diagrams | Jonathan Marcil | Threat Modeling is a great way to identify security risk by structuring possible attacks, bad ...
Salesforce Data Governance: What dark secrets lurk in your instance? | Patrick Fields | Salesforce only has Sales and Marketing information, right? WRONG! Over the years, Salesforce has grown and ...
How to Fix the Diversity Gap in Cybersecurity | Chloé Messdaghi | Women make up just 11 percent and minorities are slightly less than 12 percent of ...
Who Dis? The Right Way to Authenticate | Dhivya Sudheer | Online verification of identity today extends across microservices, cloud providers, IoT devices, emerging systems and ...
Swimming with the kubectl fish: the why, the how, the what of the CNCF Kubernetes Assessment | Stefan Edwards | Trail of Bits participated in the first wide-scale assessment of Kubernetes for the CNCF. This ...
The Zest of ZAP: How scripting in our favorite tool can bridge the gap between dev teams and security | Peter Hauschulz | Security testing has a reputation for being mysteriously technical and conceptually unapproachable to many in ...
Pilots, Surgeons and Developers - Improving Application Security With Checklists | Joe Kuemerle | Multiple studies have shown measurable reductions in risk and improved outcomes in both aviation and ...
Testing with your left foot forward | Jeremy Long | DevOps has brought many benefits to security - SAST and SCA security tools have been ...
IoT AppSec: Automatic Security Analysis of IoT Firmware | Matt Brown | This talk is the result of a 6 month long personal project of mine to ...
Real Time Vulnerability Alerting by Using Principles from the United States Tsunami Warning Center | Amol Sarwate | Vulnerabilities and attacks are like tsunamis caused by earthquakes that hit without warning, causing high ...