Tuesday
No Sessions
Wednesday
No Sessions
Thursday
Threat Modeling on the Family Road Trip and Other Strategies for Delivering Secure Applications
Presented by: Angela Pinney
Time: Thursday 8:00 AM - 9:00 AM
Gene Spafford said: “The only truly secure system is one that is powered off...” Everyone wants secure applications, but creating them is hard, and we don't all have security certifications. How do you know where to start when "security" is not your full-time job? And how do you get the rest of...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview

Capture That Flag: How CTF Competitions Make You a Better Developer
Presented by: John Koerner
Time: Thursday 9:15 AM - 10:15 AM
Have you ever been asked to "think like a hacker?" Do your eyes glaze over when you have to sit through a security audit of your application? Do you want to avoid having an incident like Target, Capital One, or Equifax? If any of these apply to you, consider participating in a Capture the Flag (CTF)...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview

Practical Cryptography for Developers
Presented by: Anthony Eden
Time: Thursday 10:30 AM - 11:30 AM
Understanding the building blocks for cryptography is important for every software developer, especially as the quantity and value of data stored and sent over networks continues to grow. In this talk I will introduce you to the fundamentals of cryptography, demonstrating concepts such as symmetric...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview

Securing Your API Endpoints - A Practical Authentication Guide
Presented by: Seth Petry-Johnson
Time: Thursday 11:45 AM - 12:45 PM
It's never been easier to expose services over HTTP. It's also never been easier to inadvertently expose security holes via those same services. This session is designed for the average developer/architect that wants a brief overview of API security without getting into the weeds of cryptography...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Intermediate

What's in Your Docker? Open Source Security Vulnerabilities in Containers
Presented by: Matt Williams
Time: Thursday 1:00 PM - 2:00 PM
So you stay on top of operating system vulnerabilities and patch regularly, but did you ever consider that there may be vulnerabilities in your containers? In March of 2015, a report that over 30% of the "official" images in the Docker Hub contained high priority security vulnerabilities was issued...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview

A Series of Unfortunate Events - What Happens When Your App is Hacked.
Presented by: Joe Kuemerle
Time: Thursday 3:30 PM - 4:30 PM
Many of us know about the various security checklists and how we should write more secure code. In this session we will move beyond top 10 lists and dive into the world of how attackers compromise systems and how they use those compromises to exploit both individuals and companies. You will see...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Intermediate

App Deco - Applied Design Thinking for Secure Development
Presented by: Wolfgang Goerlich
Time: Thursday 4:45 PM - 5:45 PM
Usability versus security is stupid. It forces us to choose one or the other. It excuses security breaches under the guise of usability. It automatically pits us against them, builders against breakers, developers against defenders. A better approach is to view security like usability: they happen...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Intermediate

Friday
Hack Your App - Intro to Mobile Security Testing
Presented by: Hans Weisheimer
Time: Friday 8:30 AM - 9:30 AM
Your phone really doesn’t want you to see what’s going on under the hood - it’s a feature. Many of the introspection capabilities that exist for web development are absent by default on mobile platforms. This is particularly frustrating when you need to validate assumptions or security...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview

Continuous Security
Presented by: Craig Hills
Time: Friday 9:45 AM - 10:45 AM
A presentation on how to build security testing into your CI/CD pipeline. The primary goal is to think about what the appropriate level of testing is for your project, and determine how to make the most significant improvements to your security, while being cost effective.
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview

Explain it to me like I'm 5: Oauth2 & OpenID
Presented by: Daniel Mikusa
Time: Friday 11:00 AM - 12:00 PM
Oauth2 and OpenID are quickly becoming mainstays for application developers. Companies want integrated authentication to reduce security footprints and users expect the convenience of single sign-on. As an application developer, it's up to you to facilitate this in your applications. In this talk,...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview

DDoS Attacks: Threat Landscape & Defensive Countermeasures
Presented by: Chris Holland
Time: Friday 12:15 PM - 1:15 PM
October 2016’s attack on Dyn's DNS infrastructure was a gloomy wake-up call to the online community at-large, depriving us access to some of the online destinations and applications we use every day, thereby confronting us with the stark reality of an old and ever-growing threat with which the...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Intermediate

Hacking on a home server for fun and profit
Presented by: Leo Guinan
Time: Friday 2:45 PM - 3:45 PM
Do you have a Raspberry Pi or similar just gathering dust at home? Or maybe various other computer components hanging around? If you do, come join Leo's journey down the road of system administration, beginning with an assortment of Raspberry Pis, and currently in the form of a rack server. He will...
Room: Aloeswood / Leopardwood
Track: Security
Format: General Session
Level: Introductory and overview