Talk | Speaker(s) | Organization
Friday the 13th: Attacking JSON | Oleksandr Mirosh, Alvaro Muñoz | HPE
Overcoming Mobile App Security Challenges with DevOps | | NowSecure
Making Vulnerability Management Less Painful with OWASP DefectDojo | Greg Anderson |
Bug Bounty Programs: Successfully Controlling Complexity and Perpetual Temptation | |
iGoat – A Self Learning Tool for iOS App Pentesting and Security | |
How to stop worrying about application Container security | |
Leveraging Blockchain for Identity and Authentication in IoT is good for Security | |
Where we’re going… we won’t need passwords… | Michael Stewart | USAA
Securing C code that seems to work just fine | | Fastly
Leveraging the ASVS in the Secure SDLC | |
Application Security “Built from Scratch” | |
An Agile Framework for Building GDPR Privacy and Data Protection Requirements into SDLC | | Security Compass
Monitoring Application Attack Surface and Integrating Security into DevOps Pipelines | |
Androsia: A tool for securing in-memory sensitive data | Samit Anwer |
Handling of Security Requirements in Software Development Lifecycle | |
Core Rule Set for the Masses | |
Building a Secure DevOps Pipeline | |
WAFs FTW! A modern devops approach to security testing your WAF | Zack Allen | ZeroFOX
Automating TLS Configuration Verification on the Back-End of the Web Application Stack | Steven Danneman | Security Innovation
Common Developer Crypto Mistakes (with illustrations in Java) | |
Practical Dynamic Application Security Testing within an Enterprise | | Verizon
When Molehill Vulnerabilities Become Mountainous Exploits | | Checkmarx
Juggling the Elephants – Making AppSec a Continuous Program | | Aspect Security
Beyond Takeover – Attacker’s in. Now what? | Itsik Mantin | Imperva
DevSecOps is real - What we learned by matching our appsec testing to our continuous release cycles | |
What We Learned Remediating XSS in GitHub Open Source Projects | |
Supply Chain Anarchy – Trojaned Binaries in the Java Ecosystem | | Contrast Security
Beyond End-to-End Encryption: Threat Models For Secure Messaging | |
SPLC as a Service | | Adobe Systems, Inc.
Popular Approaches to Preventing Code Injection Attacks are Dangerously Wrong | | Waratek
Cookie Security – Myths and Misconceptions | | Synopsys
HUNT: Data Driven Web Hacking & Manual Testing | | Bugcrowd
Moving Fast and Securing Things | |
Top 10 Security Best Practices to secure your Microservices | |
DASTProxy: Don’t let your automated security testing program stall on crawl. Instead focus on business context. | |
Crafting the next-generation Man-in-the-Browser Trojan | |
R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections | |
Keynote - Discussion on Application Security: John Steven and Jim Manico will be discussing application security from a unique perspective. | | Synopsys
Passive Fingerprinting of HTTP/2 Clients | Elad Shuster | Akamai
How to detect CSRF vulnerability, reliably? | |
An Overview of API Underprotection | |
“Capture the Flag” for Developers: Upping your Training Game | | Aspect Security
Embedding GDPR into the SDLC | Steven Wierckx |
NoSQL Is Not NoVulnerable | |
Test Driven Security in the DevOps pipeline | Julien Vehent | Mozilla
There’s a new sheriff in town; dynamic security group recommendations with Grouper and Dredge | | Netflix
A Static Tainting Analysis Method for Aspect-Oriented Programs | |
ReproNow: Save time Reproducing and Triaging Security bugs | | Salesforce
Black-Box Approximate Taint Tracking by Utilizing Data Partitioning | |
This Old App, a guide to renovating apps for the cloud | |
Building Secure ASP.NET Core MVC Applications | | CA Veracode
How To Approach InfoSec Like a Fed(eral Auditor) | | Aspect Security
Measuring End-to-End Security Engineering | |
An Investigation into the Differences Between Web Application Scanning Tools when Scanning for XSS and SQLi | |
Federated Login CSRF | | Microsoft Corporation
Keynote - Runa A. Sandvik: Building a Culture of Security at The New York Times | |
Keynote - Tony UcedaVelez: Fixing Broken Enterprise Threat Models w/ OWASP Measures: Commissioning AppSec Professionals for Real Change | |
Enhancing Physical Perimeter Defense Using SDR | |