Hands On Threat Modeling Workshop
Presented by: Robert Hurlbut
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way with regard to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software...
Format: PreCompiler
Level: Intermediate

iOS Application Security Testing
Presented by: Hans Weisheimer
This hands-on session is aimed at mobile app developers, QA testers, aspiring security testers, and other suspicious persons. ...
Format: PreCompiler
Level: Intermediate

Application Security, Basic, Intermediate, Advanced
Presented by: Bill Sempf
Bill will be joining us to teach a dynamic course to help us think like an attacker and give us all the coding tips we need to stop them cold in their tracks. Even the most experienced developers are sure to pick up some new tips and tricks. This hands-on half-day workshop will have something for...
Format: PreCompiler
Level: Intermediate

Building a DevSecOps Pipeline
Presented by: Gene Gotimer
The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to...
Format: PreCompiler
Level: Intermediate

Securing Your API Endpoints - A Practical Authentication Guide
Presented by: Seth Petry-Johnson
It's never been easier to expose services over HTTP. It's also never been easier to inadvertently expose security holes via those same services. ...
Format: General Session
Level: Intermediate

A Series of Unfortunate Events - What Happens When Your App is Hacked.
Presented by: Joe Kuemerle
Many of us know about the various security checklists and how we should write more secure code. In this session we will move beyond top 10 lists and dive into the world of how attackers compromise systems and how they use those compromises to exploit both individuals and companies. ...
Format: General Session
Level: Intermediate

App Deco - Applied Design Thinking for Secure Development
Presented by: Wolfgang Goerlich
Usability versus security is stupid. It forces us to choose one or the other. It excuses security breaches under the guise of usability. It automatically pits us against them, builders against breakers, developers against defenders. A better approach is to view security like usability: they happen...
Format: General Session
Level: Intermediate

DDoS Attacks: Threat Landscape & Defensive Countermeasures
Presented by: Chris Holland
October 2016’s attack on Dyn's DNS infrastructure was a gloomy wake-up call to the online community at large, depriving us access to some of the online destinations and applications we use every day, thereby confronting us with the stark reality of an old and ever-growing threat with which the...
Format: General Session
Level: Intermediate

Understanding the identity business, and how to get out of it
Presented by: Jeff Putz
Knowing who is using your software is super fundamental. It's less important than ever to have to manage those identities yourself, but you can't escape understanding the protocols and players. Let's talk about how things like OAuth2 actually work, and then decide if you can get out of the business...
Format: General Session
Level: Intermediate