The largest gathering of the open security community in North America will soon hit our nation’s capital. Formerly known as AppSec USA, the OWASP Global AppSec DC 2019 takes place on Sept. 9 – 13, 2019 at the Washington Wardman Park Hotel.
Hosted by the OWASP Foundation, the event offers three days of training and two full days of conference to equip developers, defenders and advocates to build safer applications. NowSecure is proud to participate as a Sapphire sponsor and looks forward to discussing mobile appsec with cybersecurity professionals. Take advantage of the opportunity to book a meeting with a team member or stop by Booth S7.
To help you plan for Global AppSec DC 2019 and build your schedule, we’ve highlighted some training and several DevSecOps and application security sessions that our staff is eager to attend.
Seth & Ken’s Excellent Adventures in Secure Code Review
Seth Law, Redpoint Security
Ken Johnson, GitHub
Monday, Sept. 9 and Tuesday, Sept. 10, 9 a.m. – 5 p.m.
Learn from this duo’s past adventures and common challenges in code review in this two-day course. Walk away with methodology to perform analysis of any source code and suss out security flaws, no matter the size of the code base, the framework or the language. You’ll gain the tools to review source code for any mobile app and customize the process to fit into your organization’s security software development lifecycle.
DevSecOps: Automating Security in DevOps
Sumit Siddharth, NotSoSecure
Rohit Salecha, NotSoSecure
Wed., Sept. 11, 9 a.m. – 5 p.m.
Critical bugs and security breaches affecting popular applications could have been prevented using introducing security early in the SDLC. Learn how to take a holistic approach to DevSecOps and automate security within the CI/CD pipeline in this interactive workshop.
Shift Left, Shift Right, or Run Security Right Through the Middle?
Meera Rao, Synopsys
Thurs., Sept. 12, 11:30 – 12:15 p.m.
Dev and security teams have been tasked to devise a strategy to support rapid development of secure software, leading to the emergence of DevSecOps. But security teams want to shift left, development teams want to shift right and operational teams want to practice continuous testing. Hear how you can achieve continuous testing with the right tools, processes and people.
Securing Modern Applications: The Data Behind DevSecOps
Derek Weeks, Sonatype
Thurs., Sept. 12, 3:30 – 4:15 p.m.
New data reveals that three days is the new normal to move organization/security requirements from design into production. Come hear how development and AppSec teams are improving their ability to respond to new organization requirements and cyber risks.
0 to 1 Startup Security
Coleen Coolidge, Segment
Fri., Sept. 13, 10:30 – 11:15 a.m.
Have you contemplated what it takes to bring a startup from no security to going public or becoming an enterprise talent? Hear what it takes from a talent, program and political standpoint to make this happen.
A DevSecOps Tale of Business, Engineering and People
James Wickett, Verica
Fri., Sept. 13, 2:00 p.m. – 3:00 p.m.
Engineering decisions affect the lives of those around us and while the world has radically changed, we still face many of the same root challenges. This session will highlight the high-performing DevSecOps teams of today and introduce a new playbook for devs, ops and security to work together.
Threat Modeling with Flow Diagrams
Jonathan Marcil, Twitch
Fri., Sept. 13, 3:30 p.m. – 4:15 p.m.
Most people perform threat modeling by documenting risk textually but visual representations can be powerful. See how to build flow diagrams to analyze system risk using a whiteboard and vector graphics software, as well as how to create them in code to make threat modeling handy in the real world.
DevSecOps: Essential Pipeline Tooling to Enable Continuous Security
Richard Mills, Coveros
Fri., Sept. 13, 4:30 p.m. – 5:15 p.m.
Nobody has time anymore for slow, manual, late-lifecycle security assessments to determine if their code is going to land them on the front page of the newspaper for the wrong reasons. Come learn about successes and challenges with integrating security into CD/CD pipelines to provide continuous assessment of security posture and the open-source and commercial tools used in the presenter’s project.
All Things Mobile AppSec
As you gear up to attend Global AppSec DC 2019, please make plans to meet with NowSecure and visit us at Booth S7. As a proud sponsor of OWASP, we look forward to the event. Whether you make it to Washington, D.C. or not, you’re sure to find our new Manager’s Guide to the OWASP Mobile Application Security Project a useful resource. Our reference guide explains how to use the organization’s resources to build efficient, effective mobile app security programs.