Application Security
Strategies to protect applications from external threats
September 5, 2019
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center, Rosemont (O’Hare), Illinois
Overview
Application security is the process of making applications more secure by finding, fixing, and enhancing the security of applications. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This has taken on greater importance as hackers are increasingly targeting applications with their attacks.
What You Will Learn
In this one-day conference, attendees will learn:
Conference Price: $289.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
8:00am – 9:00am: Registration and Continental Breakfast
9:00am-9:50am: OWASP Top 10 in Depth
Carlos Pero, AVP, Head of Cyber Application Security, Zurich Insurance
The OWASP Top 10 is a powerful awareness analysis for web application security. It represents a broad consensus about the most critical security risks to web applications. Contributors include a variety of security experts from around the world who have shared their expertise to produce the list. The presentation will cover each vulnerability in detail as well as mitigation strategies.
9:50am – 10:20am: Refreshment Break
10:20am-11:10am: How to Put the Sec in DevOps
Matt Rose, Global Director Application Security Strategy, Checkmarx
Automation and DevOps have changed the way organizations deliver products. The shift towards DevOps made it pretty clear that companies are adopting this organizational model in order to facilitate a practice of automated software deployment. While the traditional idea of a “software release” dissolves away into a continuous cycle of service and delivery improvements, organizations find that their traditional application security solutions are having a hard time adapting to the new process, and security becomes an inhibitor to the complete process.
In this session, you’ll learn how different organizations adopted security into their DevOps processes. What obstacles need to be addressed when introducing AppSec to DevOps and when should Sec be added to DevOps?
Join us to:
11:10am-12:00pm: How to Bake Application Security into Your Application Development Environment (Panel Discussion)
Moderator:
Phil Waugh, Enterprise Account Executive, Sumo Logic
Panelists:
Ricardo Lafosse, CISO, Morningstar
Victor Hsiang, CISO, GATX
Ivanka Gajecky, IT Compliance Manager, Beam Suntory
and other professionals from IT Departments sharing lessons learned
In this panel discussion, senior security executives will share how they build Application Security into their development from the early stages.
Areas that will be discussed include:
12:00pm – 1:00pm: Luncheon
1:00pm-1:50pm: How to Secure Containers and Kubernetes for On-Prem or Public Cloud Deployments
Tom Hance, VP of Operations, NeuVector
In this session, NeuVector will talk about the attack surface for containers and Kubernetes deployments and how to detect and prevent attacks on modern cloud-native infrastructures. The modern CI/CD pipeline is highly automated, and rapid deployments can leave traditional security approaches behind. By building security into the pipeline from build to ship to run-time, enterprises can secure deployments while gaining the benefits of containers.
1:50pm-2:40pm: Securing Identity in the World of DevOps
Nate Yocom, Chief Technology Officer, Centrify
A DevOps approach to software development unites development and operations teams to help companies maximize developer productivity, reduce time to market, and win in the marketplace. However, the increase in the development velocity enabled by DevOps must be balanced by an increase in the security focus. Stronger security in DevOps environments can be achieved when paying special attention to identity management. In this session, we will explore best practices in managing identity in DevOps environments and highlight the role of identity and privilege management in service to service communication, accessing application development pipelines, and securing infrastructure underlying development environments.
2:40pm – 3:10pm: Refreshment Break
3:10pm-4:00pm: The True State of Application Security
Brian Self, Sr. Solutions Architect, WhiteHat Security
This year WhiteHat has partnered with strategic partners Coalfire and NowSecure on the 2018 Application Security Statistics Report. We analyzed data from more than 20,000 applications to provide a true state of application security report.
4:00pm-5:00pm: Securing and Protecting Applications in the Cloud
Annur Sumar, Chief Technology Officer, MaeTech
Application and data security have become a necessity for enterprises. However, many organizations still are unable to recover in a timely manner from cyber-attacks and data breaches. With security incidents now costing millions of dollars, senior IT decision makers need to strengthen their security posture for their applications and data (both on-premise and in the cloud).
In this session, attendees will learn:
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.