GlobalAppSec-DC 2019 Sept. 9, 2019 to Sept. 9, 2019, Washington, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Applying Security Engineering Principles to Complex Composite Systems | Neal Ziring | Modern web applications and systems have grown increasing complex in the 18 years since OWASP ... | |
A Structured Code Audit Approach to Find Flaws in Highly Audited Webapps | Simon Scannell | WordPress is a highly popular content management system used by over 33% of all websites ... | |
Non-Political Security Learnings from the Mueller Report | Arkadiy Tetelman | The Mueller Report was split into 2 volumes, focused on 1) Russian interference in the ... | |
Security & Chaos Engineering: A Novel Approach to Crafting Secure and Resilient Distributed Systems | Aaron Rinehart | Security today is customarily a reactive and chaotic exercise. Modern systems pose a number of thorny ... | |
Securing Serverless by Breaking-in | Hayley Denbraver | Serverless rocks the security boat. Ad-hoc servers we don’t manage rid us of certain security ... | |
Secure Medical Device Deployment Standard | Christopher Frenz | Christopher Frenz is the AVP of Information Security for Interfaith Medical Center where he worked ... | |
Owning the Cloud through SSRF and PDF Generators | Ben Sadeghipour | With how many apps are running in the cloud, hacking these instances becomes easier with ... | |
OWASP Find Security Bugs: The community static code analyzer | Philippe Arteau | The Web application development lifecycle has numerous security activities. For developers, code review is a ... | |
Insider Threat Assessments: A methodology for improving insider threat deterrence and detection | Ben Stewart | Giving organizations a proactive, situational procedure to validate their insider threat program reduces gaps in ... | |
Shift left, shift right, or run security right through the middle? | Meera Rao | With software security blunders making headlines and businesses under increasing pressure to deliver software faster, ... | |
Cryptocoin Miners vs Machine Learning | Jonn Callahan | This talk will be a walkthrough of how I built a detection engine focused on ... | |
Secure Coding Dojo | Paul Ionescu | The Secure Coding Dojo is a platform for delivering security training for developers. The platform ... | |
DevSecOps: Essential Pipeline Tooling to Enable Continuous Security | Richard Mills | As we embrace DevOps to optimize our Agility, we start pushing working code toward production ... | |
Making a Change, One at a time - Diversity: More than just Gender | Vandana Verma | There has been a lot of conversations around diversity and inclusion in the recent past. ... | |
Building Secure Password-less Web Applications using WebAuthn | Krishna Puthanveetil | According to the 2019 Verizon Data Breach Investigation Report, 81% of breaches were caused by ... | |
Securing Modern Applications: The Data Behind DevSecOps | Derek E. Weeks | Hackers took three days to identify and exploit a known vulnerability in Equifax's web applications. ... | |
Building Secure React Applications | Jim Perris | Cross-Site Scripting (or client-side JavaScript injection) and other client-side risk are well known technical challenges ... | |
Quantifying the Security Benefits of Debloating Web Applications | Babak Amin Azad | As software becomes increasingly complex, its attack surface expands enabling the exploitation of a wide ... | |
Beyond data-at-rest: Advances in Native NoSQL Database Encryption | Kenneth White | Highly sensitive databases require enhanced technical measures to protect the confidentiality of their workloads. Typical ... | |
Running FaaS with Scissors | Matt Tesauro | Taking a DevSecOps mindset has created many opportunities to nudge organizations into improving how we ... | |
A Case Study in Scaling Oversight | Mike Samuel | Learn how a seemingly inconsequential code pattern enables development teams to bound the amount of ... | |
The As, Bs, and Four Cs of Testing Cloud-Native Applications | Dan Cornell | Security assessments are a critical part of any security program. Being able to identify – ... | |
Fighting Formjacking and Magecart - Separating fact from fiction | Avital Grushcovski | Formjacking attacks are simple and lucrative: cybercriminals load malicious code onto retailers’ websites to steal ... | |
What Do Hackers Want from Bounty Programs? | Yakov Shafranovich | Bounty programs are all the rage these days but what do hackers / researchers think ... | |
Keynote: Talent matters. You matter. | Caroline Wong | The internet wasn’t built with security in mind, the world has a massive talent shortage, ... | |
A Purple Team View of Serverless and GraphQL Applications | Abhay Bhargav | The presentation will begin with quick refresher on Serverless functions and GraphQL Applications. The author ... | |
OWASP Serverless Top 10 | Tal Melamed | In moving to serverless, we shift some security responsibilities to the infrastructure provider by eliminating ... | |
0 to 1 Startup Security | Coleen Coolidge | Have you ever wondered what it takes to bring a startup from "zero security" to ... | |
SSO Wars: The Token Menace | Alvaro Mirosh | It is the year 2019. Humanity has almost won its long-standing war against Single-Sign On ... | |
Keys Under Doormats: Problems and Solutions for Securely Storing Credentials in Web Applications | Dmitriy Craig | Encryption keys and passwords are truly "keys to the kingdom." Acquiring them allows attackers to ... | |
How to Build an AppSec Training Program That Isn’t Boring | Brice Williams | Training plays a critical role in software security because developers often start with little security ... | |
A Practical Guide to Complying with SB-327 (Information Privacy of Connected Devices) | Farbod H Foomany | Senate Bill 327 sets a new standard for the security and privacy of connected devices. ... | |
A Day in the Life of an IoT Security Architect | Praveena Sridhar | How different IoT Security is from typical traditional Security architecture, the tasks performed by the ... | |
Farewell, WAF - Exploiting SQL Injection from Mutation to Polymorphism | Boik Su | In this talk, we'll not only go through the core ideas and concepts of the ... | |
Common API Security Pitfalls | Philippe de Ryck | The shift towards an API landscape indicates a significant evolution in the way we build ... | |
A DevSecOps Tale of Business, Engineering, and People | James Wickett | DevOps and the subsequent move to bring security in under the umbrella of DevSecOps has ... | |
Threat Modeling with Flow Diagrams | Jonathan Marcil | Threat Modeling is a great way to identify security risk by structuring possible attacks, bad ... | |
Salesforce Data Governance: What dark secrets lurk in your instance? | Patrick Fields | Salesforce only has Sales and Marketing information, right? WRONG! Over the years, Salesforce has grown and ... | |
How to Fix the Diversity Gap in Cybersecurity | Chloé Messdaghi | Women make up just 11 percent and minorities are slightly less than 12 percent of ... | |
Who Dis? The Right Way to Authenticate | Dhivya Sudheer | Online verification of identity today extends across microservices, cloud providers, IoT devices, emerging systems and ... | |
Swimming with the kubectl fish: the why, the how, the what of the CNCF Kubernetes Assessment | Stefan Edwards | Trail of Bits participated in the first wide-scale assessment of Kubernetes for the CNCF. This ... | |
The Zest of ZAP: How scripting in our favorite tool can bridge the gap between dev teams and security | Peter Hauschulz | Security testing has a reputation for being mysteriously technical and conceptually unapproachable to many in ... | |
Pilots, Surgeons and Developers - Improving Application Security With Checklists | Joe Kuemerle | Multiple studies have shown measurable reductions in risk and improved outcomes in both aviation and ... | |
Testing with your left foot forward | Jeremy Long | DevOps has brought many benefits to security - SAST and SCA security tools have been ... | |
IoT AppSec: Automatic Security Analysis of IoT Firmware | Matt Brown | This talk is the result of a 6 month long personal project of mine to ... | |
Real Time Vulnerability Alerting by Using Principles from the United States Tsunami Warning Center | Amol Sarwate | Vulnerabilities and attacks are like tsunamis caused by earthquakes that hit without warning, causing high ... | |