Join us as we kick off “AppSec Unchained” with a warm welcome from our host. In this opening segment, we’ll set the stage for an engaging and informative evening ahead. Get ready to dive into discussions on application and cloud security, where staying ahead of threats and embracing innovative strategies is paramount. Let’s embark on this journey together as we navigate the ever-evolving cybersecurity landscape. Welcome to “AppSec Unchained”

In 2023, Monzo undertook the ambitious goal of moving away from accessing our internal tools and systems without a VPN and moving to a Zero Trust access strategy inspired by Google’s beyondcorp. This talk walks through how we achieved this in a regulated industry, from the very beginning of issuing trusted identity to our Client Devices, to rolling out the new solution to Monzonauts – and some of the challenges we faced along the way.

Posture and Data don’t lie – risk and fact-driven approach on posture management with deep dive into exploitability, reliability and the likelihood of exploitation.
Abstract
Posture is the art of representing complex problems in simple risk-based visualisation. Risk posture had a lot of hidden measurements and data and was treated like esoteric art. In this talk, we explore various concepts like Exploitation, the likelihood of exploitability, Context and location of an asset and how it influences the exploitability, business impact and how to involve business with risk-based driven metrics.
Focused on data-driven research and visualisation techniques analysing what’s more exploitable from different data sources.
We will explore the difference between a vulnerability base approach and resolution first vs a risk-based approach and success from real case scenarios.
Find your path in this modern, challenging.

CISA KEV: https://phoenix.security/what-is-cisa-kev-main/

Exploit in the wild: https://phoenix.security/what-is-exploitability/

OWASP/Appsec Vulnerability: https://phoenix.security/what-is-owasp-main/

CWE/Appsec Vulnerabilities: https://phoenix.security/what-is-cwe-main/

Writeup on exploitability data: https://phoenix.security/exploitability-data-visualization/ 

Writeup on CISA KEV: https://phoenix.security/cisa-kev-visualization/  

Let’s explore the transformative power of DevSecOps by reviewing how it enables organisations to embed security seamlessly into every stage of the development lifecycle. Learn practical strategies for reducing friction between your security team and your engineers, fortifying your Appsec efforts whilst bolstering resilience and safeguarding against emerging threats.