Binary Analysis for noobs - An Intro to Reverse Engineering
Presented by: Jason Slagle
Do you often find yourself wondering how security researchers discover bugs in systems? How do they earn bug bounties by examining existing software? Are you struggling in CTF challenges whenever you are fed a binary? If so this session is for you! ...
Format: General SessionLevel: Introductory and overviewHTTP Security Headers You Need To Have On Your Web Apps
Presented by: Scott Sauber
In this session, you'll learn about every HTTP Security Header in existence (including HSTS, CSP, XFO, and more) from the bottom up. You'll get an overview of what they are, what they do, and how you can implement them to secure your web applications. On each of these, we'll demo a before and after...
Format: General SessionLevel: Introductory and overviewIntroduction to inner-loop security. Shifting left, but better.
Presented by: Josh Wallace
We can barely make it through an AppSec talk or article without hearing about the wonders of “shift left” and how it is the key to solving all of our security problems. Every intro to AppSec talk starts with the cost savings and return on investment associated with discovering security defects...
Format: General SessionLevel: IntermediateJakarta EE 10 is Coming Your Way!
Presented by: Ivar Grimstad
Jakarta EE 9 lowered the barriers of entry and established a foundation for future innovation paving the way for Jakarta EE 10. ...
Format: General SessionLevel: IntermediateKeeping your Kubernetes Cluster Secure
Presented by: Gene Gotimer
Many organizations are shifting to containers and Kubernetes, and that move means learning new ways to secure their environments. Kubernetes clusters have to be hardened at different levels. We have to consider the nodes where the Kubernetes control plane is running. We also need to secure the...
Format: General SessionLevel: IntermediateMistaken Identity: SAML and OAuth Security
Presented by: Wolfgang Goerlich
While everyone was focused on credentials, criminals quietly moved to exploiting mistakes in identity. You have a long and strong password? That’s sweet. You’re using all three types of multi-factor? That’s cute. It won’t matter when the adversaries compromise identity protocols after...
Format: General SessionLevel: IntermediateProtecting your API with OAuth
Presented by: Dan Moore
OAuth is a well known standard and is useful for delegating authentication and authorization decisions to a central identity provider. As a developer, you’ve given a token when a grant completes. ...
Format: General SessionLevel: Introductory and overviewRealizing The Benefits Of Container DevSecOps With AWS
Presented by: James Strong
Attendees will learn how to set up, harden, & secure a container pipeline in AWS in this workshop using no servers for that pipeline. Please attend, If you’re interested in integrating security and compliance into a container pipeline to realize the benefits of DevSecOps. We will be using these...
Format: PreCompilerLevel: IntermediateSecuring Your API Endpoints - A Practical Authentication Guide
Presented by: Seth Petry-Johnson
It's never been easier to expose services over HTTP. It's also never been easier to inadvertently expose security holes via those same services. ...
Format: General SessionLevel: Introductory and overviewSpies, Secret Messages, the Internet, and You!
Presented by: Matt Williams
Have you ever wanted to make a secret message? Unreadable without the key? ...
Format: KidzMash SessionzLevel: Introductory and overviewWatch How The Giants Fall: Learning from Bug Bounty Results
Presented by: John Melton
Security is hard. We all miss things. Attackers find things. ...
Format: General SessionLevel: Introductory and overview