The Open Web Application Security Project (OWASP) will hit the fabled Pacific Coast Highway next week to host AppSec California 2019 in Santa Monica, Calif. Kicking off on Tuesday, Jan. 22 at the Annenberg Community Beach House, the conference offers talks, training and exhibits for info security, QA and testing professionals, developers, and pen testers.
The NowSecure team looks forward to participating in AppSec California as a Platinum Sponsor. To help build your event schedule, we’re sharing our session recommendations for those interested in mobile app security, DevSecOps and open-source tools.
Our mobile appsec and pen testing experts are ready to discuss all things mobile app sec. Come join us on Silicon Beach by registering for the conference and stop by Table #9.
CISO Panel: Baking Security Into the SDLC
Richard Greenberg, OWASP and the Los Angeles County Department of Public Health
Coleen Coolidge, Segment
Martin Mazor, Entertainment Partners
Bruce Phillips, Williston Financial
Shyama Rose, Avant
Thursday, Jan. 24, 9:40 a.m. – 10:30 a.m.
Agile and DevOps methodologies speed the volume and velocity of updates. How and when does security fit in? CISOs share their real-world experiences coping with the rapid changes in application development. As proponents of incorporating automated mobile appsec testing into the dev pipeline, we’re eager to hear how these practitioners bake in security.
Capture the Flag and IoT Village
Aaron Guzman, Aon Cyber Solutions
Thursday, Jan. 24, 9:40 a.m. – 5:10 p.m.
Try your hand at attacking Internet of Things (IoT) devices on a network of new and old nodes, including automotive and medical devices. Get a free virtual machine with vulnerable emulated firmware and preloaded tools and join the fun.
The White Hat’s Advantage: Open-Source OWASP Tools to Aid in Penetration Testing Coverage
Vincent Hopson, CodeDX
Thursday, Jan. 24, 11 a.m. – 11:50 a.m.
Learn about two new open-source OWASP tools to boost the efficiency and coverage of web app pen testing. View a demo and dig into the details of the OWASP Code Pulse and Attack Surface Detector, which leverage access to source code. NowSecure recommends pen testing as part of secure mobile app development and has a rich heritage in OSS through our support for Frida, Radare and the upcoming Capstone Engine release.
Lightning Talk: Working with Developers for Fun and Progress
Leif Dreizler, Segment
Thursday, Jan. 24, 12 p.m. – 12:25 p.m.
Forging a strong relationship with developers is key to creating an impactful AppSec program. As many know all too well, the absence of one will impede bug fixes and releases. Learn how Segment built close ties to developers using competition-based training, partnerships during tooling rollouts and contributions to the existing codebase. The topic appeals to us because we can all benefit from practical advice for breaking down barriers to instill a DevSecOps culture.
Account security presents a vexing problem for organizations and encompasses much more than requiring complex passwords and offering two-factor authentication. This session will explore several options for protecting users and applications and highlight GitHub’s journey towards strengthening account security. This session is of particular interest to us because the NowSecure automated mobile app security testing tool offers pre-built integration with the popular GitHub version control platform.
Preventing Mobile App and API Abuse
Skip Hovsmith, Critical Blue
Friday, Jan. 25, 11:45 a.m. – 12:35 p.m.
Attend this session to follow the ShipFast courier service’s evolving mobile app and API security approach as it beats back malicious ShipRaider. This fast-paced overview of mobile attacks and countermeasures explores the defense-in-depth techniques required to protect your mobile apps and API back-ends. Many clients come to us for advice about implementing TLS and cert pinning in their mobile apps, so we know the topic is of keen interest to the appsec community.
Lessons Learned from the DevSecOps Trenches
Devdatta Akhawe, Dropbox
Doug DePerry, Datadog
Divya Dwarakanath, Snap
Clint Gibler, NCC Group
John Heasman, DocuSign
Astha Singhal, Netflix
Friday, Jan. 25, 2 p.m. – 2:50 p.m.
While DevOps offers a number of benefits for the engineering team, it can tax security teams who are already outnumbered by engineers. Learn how several leading companies have invested in tools, processes and policies to amplify the efforts of AppSec programs. NowSecure can help such initiatives with our automated mobile appsec testing tool that plugs into the DevOps toolchain.
Going Back to Cali
Learn more about shifting left by integrating automated mobile appsec testing into the DevOps pipeline. Schedule a meeting with the experts from NowSecure or visit Table #9 to hear about our solutions for speeding the delivery of secure mobile apps.