All times are in Pacific Time (GMT-7)

Day 1 - May 20, 2021

AppSec Village CTF

Sandbox 09:00 - 09:40 May 20, 2021

Eden Stroet | App Sec Village Lead

The AppSec Village from DEF CON would like to present our very own Capture the Flag! These CTFs are designed to fit around AppSec values and principles. However, this challenge also includes traditional categories so everyone can join in on the fun! Compete solo or in teams for cool rewards and priz...


Colorful AppSec - Red, Blue, or Purple?

Seminar 09:45 - 10:25 May 20, 2021

Erez Yalon | Director of Security Research, Checkmarx

Luis Gomes | Global Head of Information Security, OLX Group

Pedro Umbelino | Senior Security Researcher, Char49

Tanya Janca | Founder & CEO, We Hack Purple Academy, Community and Podcast

Three leading experts are challenged to share their AppSec knowledge from the perspectives of Red, Blue, and Purple Teams. In less than 7 minutes, each of them will share their insights on how their perspective is vital and why it matters. The session will then open up to discussion with the panel t...


MindAPI - Bringing Organization to API Security Testing

Sandbox 10:30 - 11:10 May 20, 2021

David Sopas | COO, Char49

Participants in this session will get a walk-through of MindAPI, an online mind map that combines years of experience in API security testing. It's divided into two sections: Reconnaissance and Testing (follows OWASP API Security Top 10 guidelines and other security guides). Get a tuned methodology...


Internal AppSec Awareness and Education

Sandbox 11:15 - 11:55 May 20, 2021

Erez Yalon | Director of Security Research, Checkmarx

Marisa Fagan | Security Awareness Manager, Atlassian

Nikki Brandt | Product Security Engineering Manager, Slack

Tiffany Long | Appsec Village

Tom Hudson | Detectify

How do companies go beyond "shifting left" with application security activities to proactively empowering developers to be the security champions on their teams? What are the most effective ways to teach appsec and measure the outcomes? And what's the best use of limited time? Join a discussion led...


Internal AppSec Awareness and Education

Sandbox 12:25 - 13:05 May 20, 2021

Marisa Fagan | Security Awareness Manager, Atlassian

Nikki Brandt | Product Security Engineering Manager, Slack

How do companies go beyond "shifting left" with application security activities to proactively empowering developers to be the security champions on their teams? What are the most effective ways to teach appsec and measure the outcomes? And what's the best use of limited time? Join a discussion led...


AppSec from an Incident Response Perspective

Sandbox 12:25 - 13:05 May 20, 2021

Guy Barnhart-Magen | CTO, Profero

How does incident response relate to application security? Learn what attackers are targeting, areas that should be defended, and most importantly - how to better protect crucial assets. With ~100 IR handled in the past 18 months, the speaker has a unique perspective into what makes an effective app...


API Security Best Practices

Sandbox 12:25 - 13:05 May 20, 2021

Tanya Janca | Founder & CEO, We Hack Purple Academy, Community and Podcast

This is a Birds of a Feather session to discuss web API security best practices. API Gateways, Service Mesh, Secure Coding, Resource Quotas, Throttling, and anything else we come up with!


The Perfect Bug Bounty Program

Sandbox 12:25 - 13:05 May 20, 2021

Ante Gulam | CISO, SumUp

Ben Sadeghipour | Hacker/Head of Hacker Education, HackerOne

Erez Yalon | Director of Security Research, Checkmarx

Questioning whether to start a bug bounty program or participate in one? We will discuss decisions such as whether to use a bounty platform or DIY. Join our experts for an open discussion about bug bounty programs from the perspective of the software company, the bounty platform, or even the bounty...

