All times are in Pacific Time (GMT-7)
Day 1 - May 20, 2021
AppSec Village CTF
Sandbox
09:00 - 09:40
May 20, 2021
Eden Stroet | App Sec Village Lead
The AppSec Village from DEF CON would like to present our very own Capture the Flag! These CTFs are designed to fit around AppSec values and principles. However, this challenge also includes traditional categories so everyone can join in on the fun! Compete solo or in teams for cool rewards and priz...
Colorful AppSec - Red, Blue, or Purple?
Seminar
09:45 - 10:25
May 20, 2021
Erez Yalon | Director of Security Research, Checkmarx
Luis Gomes | Global Head of Information Security, OLX Group
Pedro Umbelino | Senior Security Researcher, Char49
Tanya Janca | Founder & CEO, We Hack Purple Academy, Community and Podcast
Three leading experts are challenged to share their AppSec knowledge from the perspectives of Red, Blue, and Purple Teams. In less than 7 minutes, each of them will share their insights on how their perspective is vital and why it matters. The session will then open up to discussion with the panel t...
MindAPI - Bringing Organization to API Security Testing
Sandbox
10:30 - 11:10
May 20, 2021
David Sopas | COO, Char49
Participants in this session will get a walk-through on MindAPI - an online mind-map that combines years of experience in API security testing. It's divided into two sections: Reconnaissance and Testing (follows OWASP API Security Top 10 guidelines and other security guides). Get a tuned methodology...
Internal AppSec Awareness and Education
Sandbox
11:15 - 11:55
May 20, 2021
Erez Yalon | Director of Security Research, Checkmarx
Marisa Fagan | Security Awareness Manager, Atlassian
Nikki Brandt | Product Security Engineering Manager, Slack
Tiffany Long | Appsec Village
Tom Hudson | Detectify
How do companies go beyond "shifting left" with application security activities to proactively empowering developers to be the security champions on their teams? What are the most effective ways to teach appsec and measure the outcomes? And what's the best use of limited time? Join a discussion led...
Internal AppSec Awareness and Education
Sandbox
12:25 - 13:05
May 20, 2021
Marisa Fagan | Security Awareness Manager, Atlassian
Nikki Brandt | Product Security Engineering Manager, Slack
How do companies go beyond "shifting left" with application security activities to proactively empowering developers to be the security champions on their teams? What are the most effective ways to teach appsec and measure the outcomes? And what's the best use of limited time? Join a discussion led...
AppSec from an Incident Response Perspective
Sandbox
12:25 - 13:05
May 20, 2021
Guy Barnhart-Magen | CTO, Profero
How does incident response relate to application security? Learn what attackers are targeting, areas that should be defended, and most importantly - how to better protect crucial assets. With ~100 IR handled in the past 18 months, the speaker has a unique perspective into what makes an effective app...
API Security Best Practices
Sandbox
12:25 - 13:05
May 20, 2021
Tanya Janca | Founder & CEO, We Hack Purple Academy, Community and Podcast
This is a Birds of a Feather session to discuss web API security best practices. API Gateways, Service Mesh, Secure Coding, Resource Quotas, Throttling, and anything else we come up with!
The Perfect Bug Bounty Program
Sandbox
12:25 - 13:05
May 20, 2021
Ante Gulam | CISO, SumUp
Ben Sadeghipour | Hacker/Head of Hacker Education, HackerOne
Erez Yalon | Director of Security Research, Checkmarx
Questioning whether to start a bug bounty program or participate in one? We will discuss decisions such as whether to use a bounty platform or DIY. Join our experts for an open discussion about bug bounty programs from the perspective of the software company, the bounty platform, or even the bounty...