Join us for a special event featuring Troy Hunt, Pluralsight Author and Microsoft Regional Director and MVP for Developer Security, and Dr. Achim D. Brucker, Senior Lecturer, Computer Science Department of The University of Sheffield and former Security Testing Strategist and Project Lead in the Global Security Team of SAP SE.
- Registration, Breakfast and Networking
- Welcome and Introduction
- Session 1: Software Security & Early Prevention of Vulnerable Code - Troy Hunt
- Session 2: 1 Kit, 8 Steps, 31 Days. How We Raised Application Security Awareness - Amit Ashbel
- Coffee Break
- Session 3: Secure Software Development on the Enterprise Level - Dr. Achim Brucker
- Open Discussion and Wrap Up
ABOUT THE SESSIONS
Session 1: Software Security & Early Prevention of Vulnerable Code - Troy Hunt
At the heart of the vast majority of today’s security incidents lies a common root cause: developer error. Time and time again, the same coding flaws play out with disastrous consequences, flaws such as SQL injection which are used to great effect by mere children against some of the world’s largest online assets. We know the exploit patterns and we know the defences, yet we’re still not able to consistently get them right.
In this talk, Troy will walk through where it’s all going wrong in the development process. He’ll talk about how to ingrain a security culture and make it an integral part of the software development lifecycle, shifting the discovery and remediation of security flaws “left” to early on in the process. Early detection and prevention of vulnerable code is the most effective way of avoiding security disasters and it can be surprisingly easy to get started.
Session 2: 1 Kit, 8 Steps, 31 Days. How We Raised Application Security Awareness - Amit Ashbel
We created an application security awareness kit for organizations to run a month-long secure coding awareness enhancement program with their developers. During this session you will learn how to effectively educate developers on secure coding best practices, play an interactive gamified session, demonstrate your knowledge, and win your very own secure development kits.
Session 3: Secure Software Development on the Enterprise Level - Dr. Achim D. Brucker
At large enterprises, a security development life-cycle (SDLC) needs to support a large range of development models as well as a large range of programming techniques.
I will present the SDLC of a large software vendor from the perspective of introducing security testing into the early steps of a software development life-cycle (i.e., enabling developers to use software testing tools).
ABOUT THE SPEAKERS
Troy Hunt, Pluralsight Author and Microsoft Regional Director and MVP for Developer Security - Troy Hunt is a Pluralsight Author and Microsoft Most Valuable Professional (MVP) focusing on security concepts and process improvement in software delivery within a large enterprise environment. Troy can often be found speaking at technology events around the world, usually on security and usually showing people just how easy it is to break software on the web today. He is very active in the development space and is constantly producing software on the latest technology platforms we have at our disposal today. Blog: https://www.troyhunt.com/.
Amit Ashbel, Director of Product Marketing at Checkmarx - Amit Ashbel has been with the security community for more than a decade, during which he has taken on multiple tasks and responsibilities, including technical and Senior Product lead positions. Amit adds valuable product knowledge, including experience with a wide range of security platforms and familiarity with emerging threats. Amit also speaks at high-profile events and conferences such as Black Hat, DEF CON, OWASP, and others. Blog: https://www.checkmarx.com/resources/blog/.
Dr. Achim D. Brucker, Senior Lecturer and Consultant, Computer Science Department of The University of Sheffield - He leads the Software Assurance & Security Research Team, drives the security initiative, and is a member of the Verification and Testing Groups.
Until December 2015, he was a Research Expert (Architect), Security Testing Strategist, and Project Lead in the Global Security Team of SAP SE, where, among other things, he defined the risk-based security testing strategy of SAP that combines static, dynamic, and interactive security testing methods and integrates them deeply into SAP's Secure Software Development Lifecycle. He was involved in rolling out static and dynamic application security testing tools to the worldwide development organisation of SAP. Moreover, he represented SAP in the OCL standardization process of the OMG. Blog: https://logicalhacking.com/blog/.
WHO SHOULD ATTEND
Security professionals interested in expanding their knowledge of application security and the importance it plays in the Software Development Lifecycle.
Register now as space is limited.