AppSec Unbounded: an evening in application and cloud security
Prizes and awards are available on the day!
In an era where digital threats evolve faster than ever, the traditional approaches to application security no longer suffice. “AppSec Unbounded” is an exclusive event designed for forward-thinking product security professionals, dedicated to exploring the convergence of AI, application security, and innovative vulnerability management techniques.
Dive into an impactful evening that promises to inform and transform the way you think about application and cloud security. With a keen focus on modern methodologies for combating cyber threats, “AppSec Unbounded” is your gateway to staying ahead in the cybersecurity arena.
We invite experts in application security and AI to share their insights and experiences, and to showcase new methods and ideas for operating in product security with AI and for bridging runtime, business, development and security.
Founder & CEO Phoenix Security
Head of product security at a global fintech
CEO, Devici
Senior Cloud Security Architect
Director Manicode Security OWASP Top 10/ Java
Founder Latio Tech
Director of Security Engineering at Rippling
Cybersecurity professionals who need to ingest the flurry of risks and recommendations dealing with AI can easily get lost and find it hard to quantify residual risk with accuracy. The proposed approach is to get back to the root cause and to focus solely on the disruptive elements of LLMs. From that perspective, the risks become clear and we can reason about them. We define three standard architecture security patterns to deal with them in most corporate LLM use cases.
AI as the venture capitalist's nightmare: a security scanner built in a day can outperform multi-million dollar scanners. In this talk, we explore using https://github.com/latiotech/LAST as an 8-in-1 application security tester.
We compare the scan results of https://github.com/latiotech/LAST against multiple categories of tools, both dependency scanners and SAST, highlighting what it is best at and what it struggles with.
Explore building scaled AppSec programs in large and fast-growing orgs. Learn about areas like hiring security engineers, scaling security tools and creating a democratized vulnerability management program where engineering leaders own their vulnerabilities.
Have you wondered what it is like to build an AppSec program at a very large org? What about an org that had acquired a lot of different companies with different tech stacks?
This talk will help you focus your energy to build a scaled AppSec program and to avoid problems along the way. Deep dive into topics:
– Different maturity levels for AppSec programs
– How to hire the right individuals
– How to leverage your tools
– How to build a democratized vulnerability management program
Security and privacy by design are not only possible but game-changing. Threat modeling unlocks the power of security and privacy by design. Threat modeling uncovers hidden challenges that are critical for CISOs and security leaders to understand and address effectively. Explore actionable threat modeling and the Threat Modeling Capabilities project, offering a sound, battle-tested approach for threat modeling. It’s a guide for your developers to improve your software, one design at a time.
In this 60-minute presentation, Jim Manico, a renowned expert in secure coding and application security, will delve into the multifaceted world of Artificial Intelligence (AI), exploring its history, ethical considerations, robustness, and security. The talk is meticulously designed to provide a deep understanding of AI’s evolution, its impact on business and ethical dimensions, the security challenges it presents, and the regulatory landscape shaping its future.
Session Outline:
A Brief History of AI (5 minutes)
– A concise overview of AI’s evolution, highlighting key milestones and technological advancements.
AI and Ethics (10 minutes)
– Business Implications: Examining AI’s influence on business decision-making and operations.
– AI Ethics Guidelines and Frameworks: A summary of principal ethical standards in AI.
– Ethical AI Best Practices: Strategies for ethical AI implementation.
– AI Ethics Risk Mitigation: Methods to identify and alleviate ethical risks in AI applications.
Robustness & Reliability of AI Code Generation (5 minutes)
– Common Misuse Patterns: Addressing frequent misuse scenarios in AI.
– Reliability Metrics: Essential metrics for AI system reliability assessment.
Artificial Intelligence Security Introduction (5 minutes)
2015 had a much simpler scenario; since then, cloud, containers, advanced development practices and warp-speed delivery have created far more complex scenarios. How can a modern DevSecOps team really help developers?
What is an asset in this modern scenario? How are assets related to each other?
We will explore the concepts of reachability and exploitability and the value of those concepts in the exploitation of vulnerability.
We will walk through the complex scenario and propose a solution that has helped other tech and fintech startups prioritize the vulnerabilities with context and measure progress.
The talk will bring data-driven scenarios on what’s exploitable, fixable, etc…
Writeup on exploitability data: https://phoenix.security/exploitability-data-visualization/
Writeup on CISA KEV: https://phoenix.security/cisa-kev-visualization/
In this session, we’ll dissect the workings of traditional manual, tool-assisted, and code-based approaches to threat modeling, focusing on achieving the delicate balance between speed and depth in processes. Attendees will gain invaluable insights into the advantages, limitations, and strategic integration of these methodologies into the Software Development Lifecycle (SDLC). Whether you’re a seasoned security professional or a software developer looking to bolster your organization’s security posture, this session promises to equip you with practical knowledge and actionable strategies for optimizing threat modeling practices.
Elevate your “AppSec Unchained” experience by participating in our interactive Kahoot games! We’re taking engagement to the next level with three rounds of cybersecurity-themed challenges. Showcase your knowledge and compete for top honors. The stakes are high and the rewards are enticing:
Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.
Derek is an award-winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University, where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams and implemented organizational information security strategies to reduce the organization’s risk.
Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.
Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.
Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.
James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.
Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.