I attended the Application Security USA conference this year. Similar to The Server Side Symposium two years ago, ago, I blogged about it. This post a link to all of those blog posts. For readers in the New York City area, OWASP has a quarterly meetup. I’ve gone to the last three or so and found the speakers to be excellent. And since the conference was in NYC this year, I took the opportunity to go.
Wednesday
- Keynote: Computer and Network Security: I think we can win (speaker: Bill Cheswick)
- The perilous future of browser security (speaker: Robert Hansen)
- Can AppSec Training Really Make a Smarter Developer? (speaker: John Dickson)
- Build but don’t break: Lessons in Implementing HTTP Security Headers (speaker: Kenneth Lee)
- HTML5: Risky Business of Hidden Security Tool Chest? (speaker: Johannes Ullrich)
- What could possibly go wrong – thinking differently about security (speaker: Mary Ann Davidson from Oracle)
- Making the Future Secure with Java (speaker: Milton Smith from Oracle)
Thursday
- AppSec at DevOps Speed and Portfolio Scale (speaker: Jeff Williams from Aspect)
- Acidental Abyss: Data Leakage on the internet (speaker: Kelly Fitzgerald)
- An introduction to the newest addition to the OWASP Top 10 (panel from Sonatype and Aspect)
- Application security: everything we know is wrong (speaker: Eoin Keary)
- Go Fast AND be secure: eliminating risk int he era of modern component-based development Ryan Berg’s part and Jeff Williams’ part (from Sonatype and Aspect)
- Not all CSRF Defenses are created equal (speaker: Ari Elias-Bachrach)