Appsec Unbounded – Revolutionize the Application Security Event

AppSec Unbounded: an evening in application and cloud security

  • Application security – the modern way to build
  • Appsec and AI
  • Product security

Prizes and awards are available on the day!

Online Event
2024-04-18
03:30 PM - 09:00 PM

About the Event

In an era where digital threats evolve faster than ever, the traditional approaches to application security no longer suffice. “AppSec Unbounded” is an exclusive event designed for forward-thinking product security professionals, dedicated to exploring the convergence of AI, application security, and innovative vulnerability management techniques.

Why “AppSec Unbounded”?

Dive into an impactful evening that promises to inform and transform the way you think about application and cloud security. With a keen focus on modern methodologies for combating cyber threats, “AppSec Unbounded” is your gateway to staying ahead in the cybersecurity arena.

Key Themes:

  • AI and Application Security: Uncover the latest AI-powered tools and techniques that are setting new standards in securing applications.
  • Data-Driven Vulnerability Management: Explore how leveraging data can revolutionize your approach to identifying and mitigating vulnerabilities.
  • Running Effective Application Security Programs: Gain insights into orchestrating security programs that bridge the gap between development, security, and business objectives.
  • ASPM and Posture Management: Learn about Advanced Security Posture Management (ASPM) and how to maintain an optimal security posture in a dynamic threat landscape.

Why Attend?

  • Innovative Solutions: Discover new methodologies for securing applications and software using AI and advanced vulnerability management strategies.
  • Expert Insights: Hear from leading voices in application security and AI, sharing their knowledge and groundbreaking research.
  • Networking Opportunities: Connect with fellow security professionals, share experiences, and collaborate on future security challenges.
Event registration closed.

Submit your talk

We invite experts in application security and AI to share their insights and experiences. We want to showcase new methods and ideas for operating in product security with AI and bridging runtime, business, dev and sec.

Speakers

Francesco Cipollone

Founder & CEO
 Phoenix Security

Derek Fisher

Head of product security at a global fintech

Chris Romeo

CEO, Devici

Christophe Parisel

Senior Cloud Security Architect

Jim Manico

Director Manicode Security OWASP Top 10/ Java

James Berthoty

Founder Latio Tech

Jeevan Singh

Director of Security Engineering at Rippling

Agenda

Cybersecurity professionals who need to ingest the flurry of risks & recommendations dealing with AI risks can easily get lost and find it hard to quantify residual risks with accuracy. The proposed approach is to get back to the root cause and to focus solely on the disruptive elements of LLMs. From that perspective, the risks become clear and we can reason about them. We define 3 standard architecture security patterns to deal with them in most corporate LLM use cases.

 

AI as the venture capitalist's nightmare: a security scanner built in a day can outperform multi-million dollar scanners. In this talk, we explore using https://github.com/latiotech/LAST as an 8-in-1 application security tester.

Comparing the scan results of https://github.com/latiotech/LAST against multiple categories of tools – both dependencies and SAST, highlighting what it’s best at and what it struggles with.

Explore building scaled AppSec programs in large and fast-growing orgs. Learn about areas like hiring security engineers, scaling security tools, and creating a democratized vulnerability management program where Engineering leaders own vulns.

Have you wondered what it is like to build an AppSec program at a very large org? What about an org that had acquired a lot of different companies with different tech stacks?

This talk will help you focus your energy to build a scaled AppSec program and to avoid problems along the way. Deep dive into topics:

– Different maturity levels for AppSec programs
– How to hire the right individuals
– How to leverage your tools
– How to build a democratized vulnerability management program

Secure and privacy by design are not only possible but game-changing. Threat modeling unlocks the power of secure and privacy by design. Threat modeling opens hidden challenges critical for CISOs and security leaders to understand and implement effectively. Explore actionable threat modeling and the Threat Modeling Capabilities project, offering a sound, battle-tested approach for threat modeling. It’s a guide for your developers to improve your software, one design at a time.

 

In this 60-minute presentation, Jim Manico, a renowned expert in secure coding and application security, will delve into the multifaceted world of Artificial Intelligence (AI), exploring its history, ethical considerations, robustness, and security. The talk is meticulously designed to provide a deep understanding of AI’s evolution, its impact on business and ethical dimensions, the security challenges it presents, and the regulatory landscape shaping its future.


Session Outline:
A Brief History of AI (5 minutes)
– A concise overview of AI’s evolution, highlighting key milestones and technological advancements.
 
AI and Ethics (10 minutes)
– Business Implications: Examining AI’s influence on business decision-making and operations.
– AI Ethics Guidelines and Frameworks: A summary of principal ethical standards in AI.
– Ethical AI Best Practices: Strategies for ethical AI implementation.
– AI Ethics Risk Mitigation: Methods to identify and alleviate ethical risks in AI applications.
 
Robustness & Reliability of AI Code Generation (5 minutes)
– Common Misuse Patterns: Addressing frequent misuse scenarios in AI.
– Reliability Metrics: Essential metrics for AI system reliability assessment.

Artificial Intelligence Security Introduction (5 minutes)


2015 had a much simpler scenario; from that point, cloud, container, advanced development and warped speed have created more complex scenarios. How can a modern develops team really help developers?
What is an asset in this modern scenario? How are assets related to each other?
We will explore the concepts of reachability and exploitability and the value of those concepts in the exploitation of vulnerability.
We will walk through the complex scenario and propose a solution that has helped other tech and fintech startups prioritize the vulnerabilities with context and measure progress.
The talk will bring data-driven scenarios on what’s exploitable, fixable, etc…
Writeup on exploitability data: https://phoenix.security/exploitability-data-visualization/
Writeup on CISA KEV: https://phoenix.security/cisa-kev-visualization/

CISA KEV: https://phoenix.security/what-is-cisa-kev-main/
Exploit in the wild: https://phoenix.security/what-is-exploitability/
OWASP/Appsec Vulnerability: https://phoenix.security/what-is-owasp-main/
CWE/Appsec Vulnerabilities: https://phoenix.security/what-is-cwe-main/

In this session, we’ll dissect the workings of traditional manual, tool-assisted, and code-based approaches to threat modeling, focusing on achieving the delicate balance between speed and depth in processes. Attendees will gain invaluable insights into the advantages, limitations, and strategic integration of these methodologies into the Software Development Lifecycle (SDLC). Whether you’re a seasoned security professional or a software developer looking to bolster your organization’s security posture, this session promises to equip you with practical knowledge and actionable strategies for optimizing threat modeling practices.

 

Elevate your “AppSec Unchained” experience by participating in our interactive Kahoot games! We’re taking engagement to the next level with three rounds of cybersecurity-themed challenges. Showcase your knowledge and compete for top honors. The stakes are high and the rewards are enticing:

Winner will be announced at the end of the event

Francesco Cipollone

Founder & CEO Phoenix Security

Francesco is a seasoned entrepreneur, CEO of Phoenix Security, the contextual-based vulnerability management platform from code to cloud, author of several books, host of the multi-award Cyber Security & Cloud Podcast, and a speaker known in the cybersecurity industry and recognised for his visionary views. He currently serves on the board of the UK&I Chapter of the Cloud Security Alliance. Previously, Francesco headed HSBC’s application and cloud security and was a Senior Security Consultant at AWS. Francesco has been keynoting at global conferences and has authored and co-authored several books. Outside of work, you can find him running marathons, snowboarding on the Italian slopes, and enjoying single malt whiskeys in one of his favourite London clubs.

Derek Fisher

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award-winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University, where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organization’s risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

Chris Romeo

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

Christophe Parisel

Senior Cloud Security Architect

Jim Manico

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

James Berthoty

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

Jeevan Singh

Director of Security Engineering at Rippling

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.
