Session List

2019-10-02T20:07:53+00:00

A Series of Unfortunate Events - What Happens When Your App is Hacked.

Presented by: Joe Kuemerle

Many of us know about the various security checklists and how we should write more secure code. In this session we will move beyond top 10 lists and dive into the world of how attackers compromise systems and how they use those compromises to exploit both individuals and companies. ...

Tags: Security | Format: General Session | Level: Intermediate

Analysis and Defense of Automotive Networks

Presented by: Samuel Hollifield

Note: This precompiler will require an additional ticket purchase in order to retain the Arduino hardware featured in the presentation. ...

Tags: Hardware, Python, Security | Format: PreCompiler | Level: Introductory and overview

API Gateways and Microservices: 2 peas in a pod

Presented by: Santosh Hari

Chances are you’ve already gone through the tedious process of decomposing your monolith into microservices, or at the very least, want to use microservices in the near future. Nowadays, microservices connect to various APIs. These APIs could differ in protocols (REST/SOAP), where they’re hosted...

Tags: Cloud, Other, Security | Format: General Session | Level: Introductory and overview

App Deco - Applied Design Thinking for Secure Development

Presented by: Wolfgang Goerlich

Usability versus security is stupid. It forces us to choose one or the other. It excuses security breaches under the guise of usability. It automatically pits us against them, builders against breakers, developers against defenders. A better approach is to view security like usability: they happen...

Tags: Design (UI/UX/CSS), Security | Format: General Session | Level: Advanced

Application Security, Basic, Intermediate, Advanced

Presented by: Bill Sempf

Bill will be joining us to teach a dynamic course to help us think like an attacker and give us all the coding tips we need to stop them cold in their tracks. Even the most experienced developers are sure to pick up some new tips and tricks. This hands-on half-day workshop will have something for...

Tags: Security, Testing | Format: PreCompiler | Level: Intermediate

Blockchain from the Firehose

Presented by: Jacob Coulter

Take an in-depth look at Bitcoin, the blockchain that started it all. This session will cover all the pieces required to build a trustless distributed ledger. Learn from the most fundamental building blocks like hashing algorithms, transactions, and blocks, to the more advanced concepts such as...

Tags: Security | Format: General Session | Level: Introductory and overview

Building a DevSecOps Pipeline

Presented by: Gene Gotimer

The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to...

Tags: Other, Security | Format: PreCompiler | Level: Intermediate

Capture That Flag: How CTF Competitions Make You a Better Developer

Presented by: John Koerner

Have you ever been asked to "think like a hacker?" Do your eyes glaze over when you have to sit through a security audit of your application? Do you want to avoid having an incident like Target, Capital One, or Equifax? If any of these apply to you, consider participating in a Capture the Flag (CTF)...

Tags: Security | Format: General Session | Level: Introductory and overview

Continuous Security

Presented by: Craig Hills

A presentation on how to build security testing into your CI/CD pipeline. The primary goal is to think about what the appropriate level of testing is for your project, and determine how to make the most significant improvements to your security, while being cost effective.

Tags: Ruby/Rails, Security, Testing | Format: General Session | Level: Introductory and overview

DDoS Attacks: Threat Landscape & Defensive Countermeasures

Presented by: Chris Holland

October 2016’s attack on Dyn's DNS infrastructure was a gloomy wake-up call to the online community at large, depriving us access to some of the online destinations and applications we use every day, thereby confronting us with the stark reality of an old and ever-growing threat with which the...

Tags: Other, Security | Format: General Session | Level: Intermediate

Explain it to me like I'm 5: OAuth2 & OpenID

Presented by: Daniel Mikusa

OAuth2 and OpenID are quickly becoming mainstays for application developers. Companies want integrated authentication to reduce security footprints and users expect the convenience of single sign-on. As an application developer, it's up to you to facilitate this in your applications. ...

Tags: .NET, Cloud, Java, Javascript, Security | Format: General Session | Level: Introductory and overview

Hack Your App - Intro to Mobile Security Testing

Presented by: Hans Weisheimer

Your phone really doesn’t want you to see what’s going on under the hood - it’s a feature. Many of the introspection capabilities that exist for web development are absent by default on mobile platforms. This is particularly frustrating when you need to validate assumptions or security...

Tags: Mobile, Security, Testing | Format: General Session | Level: Introductory and overview

Hacking on a home server for fun and profit

Presented by: Leo Guinan

Do you have a Raspberry Pi or similar just gathering dust at home? Or maybe various other computer components hanging around? If you do, come join Leo's journey down the road of system administration, beginning with an assortment of Raspberry Pis, and currently in the form of a rack server. He will...

Tags: Hardware, Other, Security | Format: General Session | Level: Introductory and overview

Hands On Threat Modeling Workshop

Presented by: Robert Hurlbut

Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software...

Tags: Security, Soft Skills/Business | Format: PreCompiler | Level: Intermediate

iOS Application Security Testing

Presented by: Hans Weisheimer

This hands-on session is aimed at mobile app developers, QA testers, aspiring security testers, and other suspicious persons. ...

Tags: Mobile, Security, Testing | Format: PreCompiler | Level: Intermediate

Practical Cryptography for Developers

Presented by: Anthony Eden

Understanding the building blocks for cryptography is important for every software developer, especially as the quantity and value of data stored and sent over networks continues to grow. In this talk I will introduce you to the fundamentals of cryptography, demonstrating concepts such as symmetric...

Tags: Security | Format: General Session | Level: Introductory and overview

Protecting Yourself Online and IRL

Presented by: Steve Grunwell

There's an old adage about fools and money being easily separated, but the same can be said for data. Every day, people are finding new and innovative ways to harvest information about you, whether it's for fame, fortune, or just for the lulz. ...

Tags: Security, Soft Skills/Business | Format: KidzMash Sessionz | Level: Introductory and overview

Securing Your API Endpoints - A Practical Authentication Guide

Presented by: Seth Petry-Johnson

It's never been easier to expose services over HTTP. It's also never been easier to inadvertently expose security holes via those same services. ...

Tags: .NET, Javascript, Security | Format: General Session | Level: Intermediate

Speed, security and simplicity: Creating Container Images with Cloud Native Buildpacks

Presented by: Daniel Mikusa

Buildpacks are a pluggable, modular, language-agnostic tool that takes application source code and in turn gives you an OCI (Open Container Initiative) image which you can run using Docker, Kubernetes or your OCI Runtime of choice. ...

Tags: .NET, Cloud, Java, Javascript, Ruby/Rails, Python, Security | Format: General Session | Level: Introductory and overview

Super-Secret Spy Club

Presented by: Matt Insko

Get inducted into the first-ever KidzMash “Super-Secret Spy Club!” ...

Tags: Hardware, Security, Soft Skills/Business | Format: KidzMash Sessionz | Level: Introductory and overview

Tests Your Pipeline Might Be Missing

Presented by: Gene Gotimer

Developing a delivery pipeline means more than just adding automated deploys to the development cycle. It’s about gaining confidence that your builds are viable candidates for release or production. For development to be successful, tests of all types must be incorporated throughout the process to...

Tags: Security, Testing | Format: General Session | Level: Introductory and overview

Threat Modeling on the Family Road Trip and Other Strategies for Delivering Secure Applications

Presented by: Angela Pinney

Gene Spafford said: “The only truly secure system is one that is powered off...” ...

Tags: Security, Soft Skills/Business, Testing | Format: General Session | Level: Introductory and overview

Understanding the identity business, and how to get out of it

Presented by: Jeff Putz

Knowing who is using your software is super fundamental. It's less important than ever to have to manage those identities yourself, but you can't escape understanding the protocols and players. Let's talk about how things like OAuth2 actually work, and then decide if you can get out of the business...

Tags: Cloud, Other, Security | Format: General Session | Level: Intermediate

What's in Your Docker? Open Source Security Vulnerabilities in Containers

Presented by: Matt Williams

So you stay on top of operating system vulnerabilities and patch ...

Tags: Other, Security | Format: General Session | Level: Introductory and overview