OWASP AppSec USA kicks off in San Jose on Monday, Oct. 8, and NowSecure is proud to participate in the event as a Platinum Sponsor. As always, AppSec USA offers valuable one- to three-day training at the beginning of the week that we encourage you to take advantage of. In addition, the Women in AppSec program provides opportunities for networking with like-minded colleagues, instructors, and graduate and undergraduate students.
To help you plan your time during the general sessions on Thursday and Friday, we’ve highlighted several sessions that we’re eager to attend. And of course if you’d like to chat with one of our mobile appsec experts at the conference, click here to book a meeting with us or stop by Booth P9.
in(Security) is eating the world; speed and autonomy is our only hope for defense
Michael Coates, Altitude Networks
Thursday, Oct. 11, 9:00 a.m. – 9:45 a.m.
The solution to security challenges is not to add more humans to tackle the problem — automate or die. The future of security is a dramatic shift to autonomy, scale and speed. Come hear about this strategy.
Why? We absolutely agree that automation is the only way to go. Humans can’t keep pace with the ever-increasing release cycle, which is why we built solutions to automate mobile appsec testing.
Domino’s Delivery of a Faster Response Was No Standard Order
Michael Sheppard, Domino’s
Thursday, Oct. 11, 10:15 a.m. – 10:50 a.m.
Learn how Domino’s Pizza transformed a complex, multi-ticket, time-consuming process into an automated application security engagement workflow. Embracing DevOps best practices and tools, Domino’s security team now responds faster than ever.
Why? The company has a great DevOps story and we love pizza… and ordering pizza through mobile apps.
Identifying and Remediating Security Vulnerabilities in AI Assistant-Based Applications
Abraham Kang, Samsung Research America
Thursday, Oct. 11, 11:45 a.m. – 12:20 p.m.
Intelligent assistants are and will be everywhere, but they are susceptible to attack. Hear how assistant applications are hacked and how to identify and address vulnerabilities.
Why? AI assistants are cool, but they expand the attack surface, and that risk must be addressed. And so many of them have mobile app interfaces, too.
Mobile BDD Security Tests on Steroids: A New Framework to Automate MSTG and MSVS in Your CI/CD Pipeline
Davide Cioccia, ING
Thursday, Oct. 11, 3:30 p.m. – 4:05 p.m.
While enterprises constantly face mobile security challenges, one main obstacle is speed and repeatability of security tests for each release or build. Automated mobile security testing offers a practical solution. Learn how to create tests with a combination of mobile UI automation frameworks and languages.
Why? Because we’re all about DevSecOps and are proud to support OSS such as Frida and Radare, among many other tools.
Threat Model-as-Code: A Framework to Go from Codified Threat Modeling to Automated Application Security Testing
Abhay Bhargav, we45
Thursday, Oct. 11, 4:15 p.m. – 4:34 p.m.
Threat modeling is critical for product engineering teams, but it is rarely performed, or it is done without actionable outcomes. The best way to do threat modeling is to incorporate it into the software development lifecycle. Learn how test automation frameworks can improve threat modeling and security testing in your organization.
Why? We too are big believers in threat modeling and automated testing — check out our recorded webinar on threat modeling for mobile appsec testing.
Defensible Application Security for the Artificial Intelligence Era
Chenxi Wang, Rain Capital
Friday, Oct. 12, 9:00 a.m. – 9:45 a.m.
From the beginning of the Internet, humans have struggled with how to trust in the digital world. Explore trust and how the infusion of machine learning and AI impacts design principles for application security.
Why? We’re interested in AI and anything the venerable security guru Chenxi Wang has to say.
Battle Tested Application Security
Ty Sbano, Periscope Data
Friday, Oct. 12, 10:15 a.m. – 10:50 a.m.
Building application security programs from scratch or dropping them into existing ones can create a war zone. Gain insight for dealing with different environments and driving the culture of security to defend and empower the organization.
Why? This apt title reflects the real world we all face and the need to shape the security culture of the organization. In addition, Ty Sbano has impressive experience with many leading businesses.
Serverless Infections: Malware Just Found a New Home
Erez Yalon, Checkmarx
Friday, Oct. 12, 11:00 a.m. – 11:35 a.m.
What does serverless computing entail when it comes to security? With no dedicated server, is the security risk higher or lower? Can malware live inside the code? These are critical questions every organization shifting to a serverless environment should be asking. Learn about the findings of a Remote Code Execution attack on a serverless environment and watch as an attack is executed.
Why? Serverless is a whole new ballgame for creative apps and hacker attacks alike, and security pros need to figure out how to protect it. And serverless mobile to mobile is coming soon.
Empowering Modern Development with Security Automation – Trials and Tribulations from the Trenches
Devdatta Akhawe, Dropbox
Scott Behrens, Netflix
Doug DePerry, Datadog
Clint Gibler, NCC Group
John Heasman, DocuSign
Zane Lackey, Signal Sciences
Friday, Oct. 12, 11:45 a.m. – 12:20 p.m.
Adopting agile development practices has allowed companies to iterate more quickly, allowing them to be responsive to customer needs and deliver new features in a fraction of the time. While this rapid release cycle benefits the engineering team, it can tax an already weary security team.
Why? This panel discussion features a large roster of security experts from top companies.
Security Culture Hacking: Disrupting the Security Status Quo
Chris Romeo, Security Journey
Friday, Oct. 12, 1:30 p.m. – 2:05 p.m.
Explore the world of security culture hacking. Come away with tips and stories about how to influence security culture along with an actionable 30/60/90/1-year plan for infusing it into your organization.
Why? This presents a fascinating look into disrupting the status quo.
Making Security Approachable for Developers and Operators
Armon Dadgar, HashiCorp
Friday, Oct. 12, 3:30 p.m. – 4:15 p.m.
Embracing a ‘weakest link’ mentality means we need to be concerned with every threat vector, but that can be difficult when bringing developers and operators into the fold. Hear how to apply best practices and make them accessible to DevOps through APIs, secure-by-default platforms and policy as code.
Why? This bonus eleventh entry is all about the team, and we agree that security should be built in and that it needs to be approachable for all roles.
Pay Us a Visit
Are you curious about automating mobile appsec testing and integrating it into the dev toolchain? Schedule a meeting with experts from NowSecure or stop by Booth P9 to hear about our solutions for ensuring the security of the mobile apps you build, buy and use.