Loading…
Simple
Expanded
Grid
By Venue
Thursday, October 24
 

7:30am CDT

Registration Open
Thursday October 24, 2024 7:30am - 9:00am CDT
Lobby
Thursday October 24, 2024 7:30am - 9:00am CDT
Lobby 2525 West Anderson Lane, Austin, TX, USA
  Conference Activity

8:00am CDT

Expo Hall Open
Thursday October 24, 2024 8:00am - 5:00pm CDT
Live Oak Room/Expo Hall
Thursday October 24, 2024 8:00am - 5:00pm CDT
Live Oak Room/Expo Hall 2525 W Anderson Ln., Austin, TX 78757, USA
  Conference Activity

9:00am CDT

Keynote - Maturing Your Application Security Program
Thursday October 24, 2024 9:00am - 10:00am CDT
Red Oak Ballroom
Speakers
avatar for Tanya Janca

Tanya Janca

Head of Community and Education, Semgrep
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the Head of Education and Community at Semgrep, sharing content and training that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, won countless awards, and has been everywhere from public... Read More →
Thursday October 24, 2024 9:00am - 10:00am CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

10:00am CDT

Interesting Vulnerabilities from Public Pentest Reports
Thursday October 24, 2024 10:00am - 10:45am CDT
Snyk Room (Pecan)
In this talk, we will explore real-world security flaws uncovered in various mobile, web, VPN, and cloud applications through public penetration testing reports. These vulnerabilities, often found in widely used or highly sensitive applications, showcase how even the most security-conscious projects can expose critical risks when overlooked. We'll dive into technical examples, including those found in mobile apps like LeaveHomeSafe, a COVID-19 contact tracing app mandated in Hong Kong, highlighting how personal data protection can be undermined by security oversights.

Additionally, we will cover vulnerabilities from open-source projects designed to protect individuals in regions with restrictive internet access, such as China, Iran, and Russia. These applications, aimed at securing communications for at-risk users, demonstrate the complexities of balancing usability and security under hostile conditions, and the real risks posed when vulnerabilities are left unchecked.

The session will feature detailed analysis and attack scenarios, providing insights into how these vulnerabilities were identified, exploited, and the lessons learned from public security reports. Whether you're a developer, pentester, or just interested in cybersecurity, this talk will shed light on the importance of transparency and the value of learning from vulnerabilities disclosed in public reports
Speakers
avatar for Abraham Aranguren

Abraham Aranguren

Managing Director, 7ASecurity
After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior... Read More →
Thursday October 24, 2024 10:00am - 10:45am CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

10:00am CDT

Applying generative AI to CVE remediation - early container images vulnerability patching in continuous integration pipelines
Thursday October 24, 2024 10:00am - 10:50am CDT
LevelBlue Room (Magnolia)
It is imperative for application development teams to adhere to strict security guidelines from the earliest development stages and ensure continuous security scans throughout the application lifecycle. The rise of generative AI enables new innovative approaches for addressing longstanding security challenges with reduced effort. In this session the audience will learn how engineering teams can use generative AI to efficiently automate remediation of container CVEs (common vulnerabilities and exposures) early in their continuous integration pipeline. The speakers will discuss the challenges of manual CVE patch applications, build an automated solution together with the audience, and show it in action in a live interactive demo. After the session, the audience will be able to clone the solution project code from github.com and run it at their convenience.
Speakers
avatar for Lucas Duarte

Lucas Duarte

Sr. Specialist Containers SA, AWS
avatar for Anton Aleksandrov

Anton Aleksandrov

Principal Solution Architect, Serverless, AWS
Anton Aleksandrov is a Principal Solutions Architect for AWS Serverless and Event-Driven architectures. Having over 20 years of hands-on software engineering, and architecture experience, Anton is working with major ISV and SaaS customers to design highly scalable, innovative, and... Read More →
Thursday October 24, 2024 10:00am - 10:50am CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

10:00am CDT

Effective threat modeling for better software security
Thursday October 24, 2024 10:00am - 10:50am CDT
Red Oak Ballroom
Threat modeling is an important process in building secure products throughout their lifecycle. Early adoption is especially important for a software product as it facilitates development of more secure software and minimizes the need for time-consuming rework caused by security flaws discovered later.
At Thales, threat modeling has been an integral part of our software security assurance plan for many years. These practices, based on widely recognized methods and a well-known open-source tool, yield significant benefits. We continually improve our processes and recently investigated alternate methodologies and open-source tools. The outcome highlights new ways of thinking about and performing threat modeling.
Join us in this informative session as we share our findings and recommendations. You will gain exposure to a range of threat modeling methodologies, open-source tools and obtain valuable suggestions that will enhance the effectiveness of your threat modeling practices.
Speakers
avatar for Karen Lu

Karen Lu

Security Architect, Thales
Dr. Karen Lu is a principal security architect at Thales. She has over 15 years of experience in security, risk assessment, identity and access management, and privacy protection. Karen holds 28 patents with many pending, and has 50+ publications over several research fields. She... Read More →
Thursday October 24, 2024 10:00am - 10:50am CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

11:00am CDT

Dissecting DDOS Attacks
Thursday October 24, 2024 11:00am - 11:50am CDT
Red Oak Ballroom
In this presentation, we will walk through different types of real anonymized DDOS attack data learning how to analyze, stop, and put preventative measures in place at both the technical and C-Suite levels.
Speakers
avatar for Mark Spears

Mark Spears

Principal Security Consultant, Solis Security / CFC Response
vCISO, vZTSO, and Technical Consulting20+ Years in Cybersecurity, Network and Systems Administration, Web Application SecDevOps and Programming, Penetration Testing, Regulatory Compliance, Incident Response, and Zero Trust Architecture
Thursday October 24, 2024 11:00am - 11:50am CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

11:00am CDT

Scan your infrastructure as code like Code!
Thursday October 24, 2024 11:00am - 11:50am CDT
Promon Room (Cypress)
Focusing on Terraform but applicable to any infrastructure as code tool, demonstrate using Checkov OSS to perform SAST scanning for security vulnerabilities in the resulting infrastructure. Touch on Bridgecrew which offers a commercial demo of this capability, and briefly touch on Hashicorp Sentinel, which goes even further and allows security policy as code applied to Terraform.
Speakers
avatar for Neal Brown

Neal Brown

Staff Security Engineer, Retail
MSIS UT AustinMS Cybersecurity U Dallas - Fall 2024AWS Security Specialty CertifiedTerraform CertifiedFocusing on public cloud and IaC security.My first conference talk was Puppet Conf 2013.
Thursday October 24, 2024 11:00am - 11:50am CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

11:00am CDT

Three Categories of Rogue AI and How to Mitigate your Risk
Thursday October 24, 2024 11:00am - 11:50am CDT
LevelBlue Room (Magnolia)
As developer teams initially rushed to adopt LLMs, they often did so without clear security protocols, leaving applications vulnerable. As AI utilization broadens, the industry is also facing the threat of excessive agency. This session will define three categories of Rogue AI that have come to light in recent months, including the Accidental, Subverted and The Malicious Rogue. The speaker will outline the risks of each and how to apply defenses for detecting and mitigating them, including tips from the OWASP Top 10 for LLM Applications on preventing Excessive Agency. The speaker will demonstrate how a defense in depth (OSI) model can counter potential evasions at each level and explain how to establish an advanced Zero Trust maturity model for effective defense. Attendees will walk away with the understanding they need to recognize intentional AI behaviors and detect/mitigate risks when an AI goes rogue.
Speakers
avatar for Josiah Hagen

Josiah Hagen

Senior Staff Engineer, Trend Micro
Josiah is an AI researcher at Trend Micro, applying AI techniques to security problems. He has 20 years of professional software development experience, hunting threats with AI for the last 10. Research includes data science on DGAs, using ML to detect Exploit Kit landing pages in-line... Read More →
Thursday October 24, 2024 11:00am - 11:50am CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

11:30am CDT

Lunch - Day 1
Thursday October 24, 2024 11:30am - 1:00pm CDT
Live Oak Room/Expo Hall
Thursday October 24, 2024 11:30am - 1:00pm CDT
Live Oak Room/Expo Hall 2525 W Anderson Ln., Austin, TX 78757, USA
  Conference Activity

12:00pm CDT

Integrating Security into DevOps
Thursday October 24, 2024 12:00pm - 12:50pm CDT
Snyk Room (Pecan)
Make it easy — adapt security hygiene into every step. Learn how to promote shared accountability and leverage agile tools into the security process. Scale their information security teams into DevOps by using a security champion/coach model.
Speakers
AH
Thursday October 24, 2024 12:00pm - 12:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

12:00pm CDT

Modern Appsec vs. GenAI Application : Is Your Appsec Ready?
Thursday October 24, 2024 12:00pm - 12:50pm CDT
LevelBlue Room (Magnolia)
We are seeing the exponential rise in GenAI application development and the use of GenAI code assistance in traditional app development. Are the current mature Appsec programs ready to handle the security challenges of GenAI adoption? In this session we will evaluate how top 3 GenAI application types and CodeGenAI security threats fare against a mature Appsec program. The goal of the session will be to answer the questions below to measure Appsec readiness against these threats. 1. Do the current Appsec practices adequately mitigate new GenAI Application threats ?
2. Do we need to enhance current Appsec controls or add new ones to mitigate GenAI application threats ? 3. How to address the new security challenges of traditional apps built with GenAI assistance ?
Speakers
avatar for Balachandra Shanabhag

Balachandra Shanabhag

Staff Security Engineer, Cohesity
Bala is working as Staff security Engineer for Cohesity.  Bala has over 15 years of experience in various domains of cybersecurity. Bala Joined Cohesity as Founding Product Security Engineer and helped boot strap Appsec and other security initiatives. Before Cohesity Bala worked... Read More →
Thursday October 24, 2024 12:00pm - 12:50pm CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

12:00pm CDT

Words Be Hard: How Security Can Speak Business Lingo
Thursday October 24, 2024 12:00pm - 12:50pm CDT
Promon Room (Cypress)
Security is hard. Delivering business solutions is hard. If your key stakeholders won’t listen to you, you cannot have the impact you want to have on the security posture of your organization. A key lynchpin for success in information security is making sure security can speak in business terms, so that our partners actually listen. In this talk, we will teach you the tradecraft and artistry that goes with picking phrases that let you influence your stakeholders versus making them defensive and unable to listen to your important message. Good news - GenAI can help! We’ll talk through some key tenets and soft skills such as empathy, active listening, influence, and business acumen, so you can supercharge your security knowledge with tools that will help you have less friction and more breakthroughs with the stakeholders you work with.
Speakers
avatar for Sean Poris

Sean Poris

Managing Director
Thursday October 24, 2024 12:00pm - 12:50pm CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

1:00pm CDT

Cyber Resilience and Your Organization
Thursday October 24, 2024 1:00pm - 1:50pm CDT
Red Oak Ballroom
Computing has changed so fast that most IT leaders no longer have real visibility into their IT estate. Both proprietary and open sources of software are combined with legacy solutions, cloud computing, and digital transformation. IT leaders see positive outcomes from these changes, 85% acknowledge the one thing they are trading off is risk. The 2024 LevelBlue Futures Report uncovers the relationships between the barriers to cyber and cybersecurity resilience and how the business prioritizes them. In this session you will learn: - Why business leaders and tech leaders alike need to prioritize cyber resilience.
- Critical barriers to cyber resilience.
- Challenges impacting cybersecurity resilience.
- The business context reveals the operational issues associated with prioritizing resilience.
Speakers
avatar for Theresa Lanowitz

Theresa Lanowitz

Chief Evangelist, LevelBlue
Thursday October 24, 2024 1:00pm - 1:50pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

1:00pm CDT

Don’t Make This Mistake: Painful Learnings of Applying AI in Security
Thursday October 24, 2024 1:00pm - 1:50pm CDT
Snyk Room (Pecan)
Our session features real-world examples and a live demo that exposes GenAI’s limitations in tackling code vulnerabilities. Our talk serves as a cautionary lesson against falling into the trap of using AI as a stand-alone solution to everything. We’ll explore the broader implications, communicating the risks of blind trust in AI without a nuanced understanding of its strengths and weaknesses. In the second part of our session, we’ll explore a more reliable approach to leveraging GenAI for security relying on the RAG Framework. RAG stands for Retrieval-Augmented Generation. It's a methodology that enhances the capabilities of generative models by combining them with a retrieval component. This approach allows the model to dynamically fetch and utilize external knowledge or data during the generation process. Attendees will leave with a clear understanding of how to responsibly and effectively deploy AI in their programs — and how to properly vet AI tools.
Speakers
avatar for Eitan Worcel

Eitan Worcel

CEO & Co Founder, Mobb
Eitan Worcel is the co-founder and CEO of Mobb, the recent Black Hat StartUp Spotlight winner. He has over 15 years of experience in the application security field as a developer, product management leader, and now business leader. Throughout his career, Eitan has worked with numerous... Read More →
Thursday October 24, 2024 1:00pm - 1:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

1:00pm CDT

Stop Paying Me to Secure your AWS Account
Thursday October 24, 2024 1:00pm - 1:50pm CDT
LevelBlue Room (Magnolia)
In 2024 so far, I have billed over $10,000 fixing AWS accounts for small and medium sized companies. Here's the secret though ... It's a 3 of 10 on the complexity scale. Anyone can do it. Let me show you how so you don't have to add to my retirement fund.
Speakers
BH
Thursday October 24, 2024 1:00pm - 1:50pm CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

2:00pm CDT

5 Must-Know Open Source Identity Management Tools For Cloud Native Stacks
Thursday October 24, 2024 2:00pm - 2:50pm CDT
Snyk Room (Pecan)
We deep dive into the challenges in the identity space and how they impact our apps and systems using examples from 5 open source tools that cover the most common risks and stacks in use today. We will also share real tips and best practices for how to mitigate these risks and reduce attack surface.
Speakers
JW
Thursday October 24, 2024 2:00pm - 2:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

2:00pm CDT

How to shift-left and find critical authorization vulnerabilities throughout your CI/CD Pipeline?
Thursday October 24, 2024 2:00pm - 2:50pm CDT
LevelBlue Room (Magnolia)
Gitlab reported a vulnerability this year where an attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions. This common authorization flaw is very hard to detect and remains so for 15 years. These flaws are the most critical and common in bug bounties. The challenge is to scale the detection of these flaws across numerous application roles, APIs, and applications in the DevSecOps pipeline. We've developed a framework to detect authorization issues in code, PR stages, and CI/CD dynamic testing. We have focused on 5 types of most common authorization issues. This presentation will discuss the 'shift-left' approach to identify and rectify these flaws early in the pipeline, enhancing the security of the development environment against authorization breaches.
Speakers
avatar for Ankush Jain

Ankush Jain

Co-founder and CTO, Akto.io
Ankush is the co-founder & CTO at Akto (https://www.akto.io). Prior to starting Akto he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He has acquired US patents at Microsoft at CleverTap... Read More →
avatar for Ankita Gupta

Ankita Gupta

Co-founder and CEO, Akto.io
Ankita is the co-founder and CEO of Akto.io. Prior to Akto she has experience working in VMware, LinkedIn and JP Morgan. She holds MBA from Dartmouth College and Bachelors in Technology from IIT Roorkee.
Thursday October 24, 2024 2:00pm - 2:50pm CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

2:00pm CDT

Invited - Roger Thornton
Thursday October 24, 2024 2:00pm - 2:50pm CDT
Promon Room (Cypress)
Thursday October 24, 2024 2:00pm - 2:50pm CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

2:00pm CDT

True or False? - AI Will Your Cybersecurity Job
Thursday October 24, 2024 2:00pm - 2:50pm CDT
Red Oak Ballroom
As AI continues to revolutionize the cybersecurity industry, many are asking: Will AI take our jobs? 


The answer is yes, no, maybe, and it depends. 


In this talk, we’ll dive into which cybersecurity roles are at risk of being replaced by AI, and which ones can be enhanced or transformed by it. 


We’ll explore the tasks AI can already handle, where it’s likely to make an impact in the future, and how security professionals can stay relevant in this new landscape. 


This session will provide practical advice on how to leverage AI as a tool rather than seeing it as a threat, positioning yourself to thrive in an AI-augmented cybersecurity world. 


Speakers
avatar for Marcus Carey

Marcus Carey

Enterprise Architect, ReliaQuest
Follow Marcus J. Carey at @marcusjcarey
Thursday October 24, 2024 2:00pm - 2:50pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

2:45pm CDT

Snack Break!
Thursday October 24, 2024 2:45pm - 3:15pm CDT
Live Oak Room/Expo Hall
Thursday October 24, 2024 2:45pm - 3:15pm CDT
Live Oak Room/Expo Hall 2525 W Anderson Ln., Austin, TX 78757, USA
  Conference Activity

3:00pm CDT

SBOM Shelter in the Dependency Storm: Building Resilience Brick by Brick
Thursday October 24, 2024 3:00pm - 3:50pm CDT
Red Oak Ballroom
In today’s rapidly evolving software landscape, organizations face a critical decision: write it all yourself or rely on someone else’s code.  Writing it yourself will consume endless hours of time, loads of money and require you to support it into the foreseeable future.  Relying on external dependencies can provide a significant shortcut, but comes with a plethora of challenges ranging from vulnerability management to compliance risks. This talk chronicles our journey from chaos to control in software supply chain management, focusing on the implementation of a robust Software Bill of Materials (SBOM) strategy. We’ll explore how SimpleRisk transformed from having no visibility into our software dependencies to establishing a fortified “SBOM Shelter” – a comprehensive system for dependency management and automated SBOM generation within our CI/CD pipeline. Whether you’re just starting your SBOM journey or looking to fortify your existing processes, this talk will provide valuable strategies for building a more secure and transparent software supply chain and transforming vulnerability into resilience, brick by brick. Discover how not just to weather the dependency storm, but to thrive in it.










Speakers
avatar for Josh Sokol

Josh Sokol

CEO / CISO, SimpleRisk
Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and recently left a ten year career as the... Read More →
Thursday October 24, 2024 3:00pm - 3:50pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

3:00pm CDT

ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild
Thursday October 24, 2024 3:00pm - 3:50pm CDT
Promon Room (Cypress)
The rapid adoption of AI technologies, driven by open-source frameworks, has made AI infrastructure a prime target for attackers. Our research has identified active exploitation of CVE-2023-48022 in the popular AI framework Ray over the past seven months. Due to its disputed status, many development teams and static scanning tools missed this vulnerability, leading to significant impacts across sectors like education, cryptocurrency, and biopharma. This talk will introduce our discovery of an active attack campaign targeting this vulnerability, detailing the attackers' techniques, the types of sensitive data compromised, and our research methodology, along with real-world case studies and lessons learned.
Speakers
MM
Thursday October 24, 2024 3:00pm - 3:50pm CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

3:00pm CDT

The Hidden Risks of Software re-use: OWASP Top 10 OSS Risks
Thursday October 24, 2024 3:00pm - 3:50pm CDT
Snyk Room (Pecan)
While known vulnerabilities and out-of-date components seem like apparent risks, OSS has several other key risks that should be considered as well. In this talk, we will cover the Top 10 OSS Risks. This includes common considerations such as known vulnerabilities and unmaintained or outdated software but also other key risks such as the compromise of a legitimate package, license risks, and excessive use of dependencies. This talk will feature the Top 10 OSS Risks https://owasp.org/www-project-open-source-software-top-10/ and include examples and case studies of notable OSS incidents tied to the risks discussed. It will also provide actionable takeaways for security and technology leaders to equip them to securely consume and utilize OSS in their enterprise environments and software/products while mitigating some of the most relevant risks associated with OSS
Speakers
avatar for James Scott

James Scott

Founding Product Manager, Endor Labs
Jamie Scott, CISSP, CCSP is a recovering cybersecurity practitioner turned product manager building the next generation of dependency management solutions at Endor Labs. Previously Jamie was Product Manager at Redis and StackRox (Acquired by Red Hat in Feb 2021) where he was an open... Read More →
Thursday October 24, 2024 3:00pm - 3:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

4:00pm CDT

API Security: What I would do with 30 minutes a week
Thursday October 24, 2024 4:00pm - 4:50pm CDT
Promon Room (Cypress)
Securing APIs is paramount to protecting data from unauthorized access; however, it is often behind a long list of other tasks that are already in the long line of application security (web application issues, mobile security issues, threat modeling, etc.). If you are starting off your API security program, you may have 30 minutes a day to work on this, but maybe 30 minutes per week. This talk will discuss how to prioritize the essential security measures for API Security based on 200 data points. This abstract won’t outline the strategic approach to API security, as there are 10M+ vendor white papers that already exist, but rather the top 10 things I would do if I only have 30min/week to run my API Security program. The focus will be on high-impact actions that offer robust protection in order to prevent AppSec data breaches .
Speakers
HD
Thursday October 24, 2024 4:00pm - 4:50pm CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

4:00pm CDT

How will the advent of new AI-powered tools affect AppSec practices - and how can AppSec reap the best of it?
Thursday October 24, 2024 4:00pm - 4:50pm CDT
Snyk Room (Pecan)
How will the advent of new AI-powered tools affect AppSec practices - and how can AppSec reap the best of it? In this session, we will examine the promise of AI-powered AppSec for processes, and discuss how it can help maximize development effectiveness and expedite product delivery.
Speakers
avatar for Chris Lindsey

Chris Lindsey

Application Security Evangelist, Mend.io
Chris Lindsey is a seasoned speaker who has appeared at conferences, webinars, and private events. Currently building an online community and creating a podcast series, Chris draws on expertise from more than 15 years of direct security experience and over 35 years of experience leading... Read More →
Thursday October 24, 2024 4:00pm - 4:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

4:00pm CDT

Vendor Nightmares and Scoring Scuffles: Surviving Vulnerability Management
Thursday October 24, 2024 4:00pm - 4:50pm CDT
Red Oak Ballroom
Implementing a functional and scalable vulnerability management program is fraught with challenges that can derail even the best efforts. Despite ample materials detailing the components, they often lack practical details on building these at scale. Additionally, "Vulnerability Management" has lost its meaning, often referring to one or more of the areas of vulnerability remediation, application security, penetration testing, endpoint vulnerabilities, cloud security, configuration compliance, and more. In this talk, I will uncover common pitfalls such as inconsistent formats, vendor-created hurdles, prioritization complexities, and scaling issues. Attendees will gain insights to advocate for industry changes, influencing both vendor focus and employer expectations. Join me to raise awareness and drive improvements in vulnerability management practices.
Speakers
avatar for mauvehed

mauvehed

Senior Manager, SecEng/SecOps, Austin Hackers Anonymous (AHA!)
mauvehed, also known as Nate, has traversed a long and winding career path through hacking, system and network administration, computer security, and leadership. Now firmly planted in management, he takes great pride in building teams, developing people, and solving business challenges... Read More →
Thursday October 24, 2024 4:00pm - 4:50pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

5:00pm CDT

Speed Debates
Thursday October 24, 2024 5:00pm - 6:00pm CDT
Red Oak Ballroom
Speakers
avatar for Matt Tesauro

Matt Tesauro

Founder and CTO, DefectDojo
Matt Tesauro is a DevSecOps and AppSec guru who specializes in creating security programs, leveraging automation to maximize team velocity and training emerging and senior security professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via... Read More →
Thursday October 24, 2024 5:00pm - 6:00pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA
  Conference Activity

5:00pm CDT

Ride the Bull! (Sponsored by DefectDojo)
Thursday October 24, 2024 5:00pm - 7:00pm CDT
Magnolia (B) Room
The mechanical bull is back again for another year at LASCON!

Come watch or try your skills to see if you have what it takes (though the bull operator will take it easy on newbies).

Sponsored by DefectDojo (https://defectdojo.com/)
Thursday October 24, 2024 5:00pm - 7:00pm CDT
Magnolia (B) Room 2525 W Anderson Ln. #365, Austin, TX 78757, USA
  Conference Activity

5:00pm CDT

Happy Hour (Sponsored by Digital.ai)
Thursday October 24, 2024 5:00pm - 8:00pm CDT
Lobby
Open bar and appetizers served. Drink tickets are handed out to attendees.


Happy Hour sponsored by Digital.ai (https://digital.ai)

Thursday October 24, 2024 5:00pm - 8:00pm CDT
Lobby 2525 West Anderson Lane, Austin, TX, USA
  Conference Activity

6:00pm CDT

Fireside Chat
Thursday October 24, 2024 6:00pm - 7:00pm CDT
Snyk Room (Pecan)
Speakers
avatar for Roger Thornton

Roger Thornton

Co-Founder & General Partner, Ballistic Ventures
Thursday October 24, 2024 6:00pm - 7:00pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA
  General InfoSec
 
Friday, October 25
 

8:00am CDT

Expo Hall Open
Friday October 25, 2024 8:00am - 3:00pm CDT
Live Oak Room/Expo Hall
Friday October 25, 2024 8:00am - 3:00pm CDT
Live Oak Room/Expo Hall 2525 W Anderson Ln., Austin, TX 78757, USA
  Conference Activity

8:00am CDT

Registration Open
Friday October 25, 2024 8:00am - 3:00pm CDT
Lobby
Friday October 25, 2024 8:00am - 3:00pm CDT
Lobby 2525 West Anderson Lane, Austin, TX, USA
  Conference Activity

9:00am CDT

Keynote - Hacker Numerology
Friday October 25, 2024 9:00am - 10:00am CDT
Red Oak Ballroom
This talk explores the numbers that define our lives and how to use limited observations of identifiers to reason about the security properties of systems.

Speakers
avatar for HD Moore

HD Moore

Founder, runZero
HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability... Read More →
Friday October 25, 2024 9:00am - 10:00am CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

10:00am CDT

Config Comedy: Baseline Scans Gone Wild
Friday October 25, 2024 10:00am - 10:50am CDT
LevelBlue Room (Magnolia)
Would you rather wake up in a zombie apocalypse or tweak CIS benchmark compliance scans in your Threat & Vulnerability Management (TVM) tool to fit every OS platform version you have?
The apocalypse definitely sounds like a cakewalk in comparison, ain't it? Join my zombie horde and learn how I accomplished the latter and kept my (questionable) sanity. Target audience is everyone. Basic awareness of TVM and compliance scans against CIS benchmark will help you make the most out of this talk, but no hands-on experience in TVM is required. Goal: I hope you will leave with a dose of optimism and a concrete plan on how to tackle it at your organization.
Speakers
avatar for Petr Sidopulos

Petr Sidopulos

Principal Cybersecurity Architect
Petr is a cybersecurity professional in the Austin, TX area, working in the role of a Principal Cybersecurity Architect.He is experienced across most security domains, including offensive and defensive operations, threat hunting, DFIR and others with a knack for finding and implementing... Read More →
Friday October 25, 2024 10:00am - 10:50am CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

10:00am CDT

Harnessing Nature's Wisdom: Growing a Security Champion Program Into a Security Powerhouse
Friday October 25, 2024 10:00am - 10:50am CDT
Promon Room (Cypress)
Yahoo’s Security Champion program offers a proven approach to embed a security influencer within engineering teams company-wide. Utilizing sound methodology based in behavioral psychology and empirical science, organizations can achieve remarkable results that enhance their security team’s success.
Speakers
avatar for Bonnie Viteri

Bonnie Viteri

Principle Technical Security Engineer, Yahoo
Building security programs and devising simple solutions to complex problems is what I do. I didn't travel the traditional path into cyber, and I don't plan to conform now. A behavioral psychologist at heart who is always watching and actively listening when everyone else is waiting... Read More →
Friday October 25, 2024 10:00am - 10:50am CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

10:00am CDT

Having ASPM your Way: How to Avoid the Trough of Disillusionment
Friday October 25, 2024 10:00am - 10:50am CDT
Red Oak Ballroom
ASPM seems to be everywhere these days. Has AppSec pivoted into a brave new world or is this just a new “acro-Gartner-nym” that we now have to deal with? What does ASPM look like from someone who’s AppSec career started before AppSec was a job description? This talk looks at what the market says about ASPM and fires it in the crucible of experience to see what is left when the heat is gone. Gain practical, front-line advice on how to take the best of what ASPM has to offer and adapt it to the situation you face in your day to day AppSec life. Learn how to leverage the buzz around ASPM to make your life better and survive the hype cycle.
Speakers
avatar for Matt Tesauro

Matt Tesauro

Founder and CTO, DefectDojo
Matt Tesauro is a DevSecOps and AppSec guru who specializes in creating security programs, leveraging automation to maximize team velocity and training emerging and senior security professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via... Read More →
Friday October 25, 2024 10:00am - 10:50am CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

10:00am CDT

Untapped Territory: Strengthening Defenses Against CI/CD Security Threats
Friday October 25, 2024 10:00am - 10:50am CDT
Snyk Room (Pecan)
As modern software development practices evolve, CI/CD pipelines have emerged as a potent, yet under-secured frontier. This has resulted in a shift in focus from attackers, who are exploiting the traditionally overlooked vulnerabilities in the development pipelines. In this presentation, we'll dive into the top CI/CD security risks as identified by OWASP. We'll look at how each attack can be performed, explore potential impacts, and the motives of bad actors. This talk will provide you with pragmatic strategies to strengthen your CI/CD security posture. Join us to transform your CI/CD pipeline from a potential vulnerability into a cornerstone of your security infrastructure.
Speakers
avatar for Farshad Abasi

Farshad Abasi

CEO, Co-founder, Eureka DevSecOps
Farshad Abasi is the Founder and CEO of Forward Security and Eureka DevSecOps, bringing over 27 years of industry experience to the forefront of cybersecurity innovation. His professional journey includes key technical roles at Intel and Motorola, evolving into senior security positions... Read More →
Friday October 25, 2024 10:00am - 10:50am CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

11:00am CDT

No Laughing Matter: The OWASP Top 10 for LLMs in Code Examples
Friday October 25, 2024 11:00am - 11:50am CDT
Promon Room (Cypress)
Join us as we dive into the OWASP Top 10 AI & ML security risks, and some of the hilarious and not so funny things you need to be wary of when leveraging these tools for your engineering organizations. We'll cover everything from prompt injection attacks to model hallucination (think AI on a bad trip), and more. We'll share real-world code examples that highlight these risks in a way that may make you laugh, and possibly cry, but we will definitely keep it entertaining.
Speakers
avatar for Aviram Shmueli

Aviram Shmueli

Chief Research & Innovation Officer and Co-Founder, Jit
As the Chief Research & Innovation Officer and Co-Founder of Jit, the Open ASPM platform, Aviram combines his passion for creating innovative products with deep expertise in security. With over 20 years of hands-on experience, he has held senior roles in research, engineering and... Read More →
Friday October 25, 2024 11:00am - 11:50am CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

11:00am CDT

Safeguarding Machine Learning Systems: A Comprehensive Security Plan
Friday October 25, 2024 11:00am - 11:50am CDT
LevelBlue Room (Magnolia)
In this presentation, we unveil a holistic security approach tailored for machine learning (ML) systems in artificial intelligence (AI). We kick start by dissecting prevalent security risks in ML, such as adversarial attacks and data poisoning, setting the stage for a proactive defense strategy. Our comprehensive approach encompasses Data Security, Model Security, Platform Security, Security Compliance, and Human Security. Data Security emphasizes encryption, access control, and anonymization techniques to safeguard sensitive data. Model Security advocates for model watermarking and adversarial robustness training to fortify models against manipulations. Platform Security ensures secure configurations and continuous monitoring to mitigate vulnerabilities. Adhering to Security Compliance principles aligns with ethical AI deployment, guided by transparency and accountability. Human Security emphasizes comprehensive training. Attendees will gain practical insights into integrating security measures throughout the ML lifecycle, bolstering the resilience and trustworthiness of their ML systems while ensuring responsible AI deployment.
Speakers
avatar for Viswanath S Chirravuri

Viswanath S Chirravuri

Software Security Expert, Thales
Hi, I'm Vis. With over 20 years of experience in the field of Cybersecurity, I am currently pursuing a Doctor of Engineering (DEng) degree in Cybersecurity Analytics from George Washington University (GWU). I also hold a Master’s degree in Information Security Engineering (MS-ISE... Read More →
Friday October 25, 2024 11:00am - 11:50am CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

11:00am CDT

The Modern Threat Landscape
Friday October 25, 2024 11:00am - 11:50am CDT
Snyk Room (Pecan)
In today’s digitized world, cybersecurity remains a paramount concern for individuals, businesses, and governments. The evolution of cyber threats is relentless, with attackers constantly developing new methods to breach systems. This presentation will delve into several critical aspects of the modern threat landscape including attacker methods and motivations, positive and negative use cases for the dark web, the threat of deep fake technologies, and the effects of AI in the arms race between attackers and defenders. Strategies that can be implemented to mitigate these risks will also be reviewed. Understanding the modern threat landscape is crucial for effective cybersecurity defense. By addressing attacker motivations, exploring the darkweb’s dual nature, and staying vigilant against emerging technologies, we can better protect our digital ecosystems.
Speakers
avatar for Mike Klepper
Friday October 25, 2024 11:00am - 11:50am CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

11:00am CDT

When the attackers lose, case studies in API security strategies
Friday October 25, 2024 11:00am - 11:50am CDT
Red Oak Ballroom
In this discussion I will talk about various attacks and how the attackers lost. The concepts here extend from my talk about counting things last year and continue with strategies we all can use in data science in order to identify and stop attacks.
Speakers
avatar for Jason Kent

Jason Kent

Specialist - Bot and Fraud, Traceable
Jason Kent is a well-respected leader in the security industry with more than 20 years of experience in Information Technology and Information Security.  Jason has worked with hundreds of organizations across the globe, addressing a wide array of technology, security and program... Read More →
Friday October 25, 2024 11:00am - 11:50am CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

11:30am CDT

Lunch - Day 2
Friday October 25, 2024 11:30am - 1:00pm CDT
Live Oak Room/Expo Hall
Friday October 25, 2024 11:30am - 1:00pm CDT
Live Oak Room/Expo Hall 2525 W Anderson Ln., Austin, TX 78757, USA
  Conference Activity

1:00pm CDT

A Fun Story About A Software Supply Chain Calamity: the UA-Parser Saga
Friday October 25, 2024 1:00pm - 1:50pm CDT
Promon Room (Cypress)
4.2 million people use the UA-Parser javascript library according to github, and it is key to 2000+ downstream projects per NPM. Right before Halloween a "Security Issue" thread was created including the warning "I can't seem to unpublish the compromised versions". This lighthearted talk will discuss the UA-Parser compromise, response, and how to detect whether it's GroundHog Day and your app is including a polluted library, UA Parser or otherwise.
Speakers
avatar for Andy Lewis

Andy Lewis

Solutions Architect and Honeybee Wrangler, ReversingLabs
Andy is a Solutions Architect and Honeybee Wrangler with ReversingLabs, a Startup that's tackling Software Supply Chain Security head-on.  Founder of Denver OWASP, Boulder OWASP, and co-founder of the SnowFROC AppSec conference.
Friday October 25, 2024 1:00pm - 1:50pm CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

1:00pm CDT

Avoiding the Paranoia: 5 Seasons of DevSecOps Lessons
Friday October 25, 2024 1:00pm - 1:50pm CDT
Snyk Room (Pecan)
What can you can learn when you sit down with people from different walks of life and talk to them? Turns out to be A LOT. And after several seasons of running the application paranoia podcast, we've talked to dozens of thought leaders and practitioners, and even a sports radio personality, and we've learned a few things that are well worth sharing. We invite you to join us as we examine the people, process and technology aspects to reveal some of the best lessons we've heard, mistakes to avoid, tips to gain buy-in, and things you can do to help the next generation of cyber professionals. And of course we will mix in our favorite fun stories as well.
Speakers
avatar for Colin Bell

Colin Bell

Product CTO, HCL Software
I am the AppScan product CTO at HCL Software. As a seasoned application security professional, I'm passionate about helping organizations navigate the complex cybersecurity landscape. With over a decade of experience, I've led teams, developed innovative solutions, and driven positive... Read More →
avatar for Rob Cuddy

Rob Cuddy

Application Security Evangelist, HCL
Rob is currently a Global Application Security Evangelist for HCL providing thought leadership for application security, DevOps and DevSecOps initiatives, and is one of the hosts of the Application Paranoia podcast. Prior to this role, Rob was with IBM for 14 years with roles in Application... Read More →
Friday October 25, 2024 1:00pm - 1:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

1:00pm CDT

Defending AI Infrastructure's New Attack Surface
Friday October 25, 2024 1:00pm - 1:50pm CDT
LevelBlue Room (Magnolia)
As your organization rushes to adopt AI technologies it introduces novel attack surfaces. Whether you're using cloud-native AI as a service, or rolling your own in-house, you'll need to consider securing your data, locking down access, and protecting against denial of service. Leveraging stories from the trenches, this beginner-friendly talk will prepare you to secure your back-end infrastructure as you add AI to the front-end.
Speakers
avatar for Gabe Schuyler

Gabe Schuyler

Gabe is a seasoned technology professional with decades of experience in cybersecurity, automation, and operations.  His dynamic career includes stints at Palo Alto Networks, Puppet Labs, and even Sony PlayStation.  (He's in the credits of two dozen games!)  Off the clock he enjoys... Read More →
Friday October 25, 2024 1:00pm - 1:50pm CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

1:00pm CDT

Perspectives on Application Security and AI
Friday October 25, 2024 1:00pm - 1:50pm CDT
Red Oak Ballroom
In this talk, you’ll learn different perspectives on where AppSec and AI streams overlap and prove fruitful, as well as introductions to tools, frameworks, prompt techniques, and more.
Speakers
JW
Friday October 25, 2024 1:00pm - 1:50pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

1:45pm CDT

Snack Break!
Friday October 25, 2024 1:45pm - 2:15pm CDT
Live Oak Room/Expo Hall
Friday October 25, 2024 1:45pm - 2:15pm CDT
Live Oak Room/Expo Hall 2525 W Anderson Ln., Austin, TX 78757, USA
  Conference Activity

2:00pm CDT

AI Under the Hood: Unmasking Hidden Threats
Friday October 25, 2024 2:00pm - 2:50pm CDT
LevelBlue Room (Magnolia)
Much like cars, AI technologies must undergo rigorous testing to ensure their safety and reliability. However, just as a 16-wheel truck’s brakes are different from that of a standard hatchback, AI models too may need distinct analyses based on their risk, size, application domain, and other factors. Prior research has attempted to do this, by identifying areas of concern for AI/ML applications and tools needed to simulate the effect of adversarial actors. However, currently, a variety of frameworks exist which poses challenges due to inconsistent terminology, focus, complexity, and interoperability issues, hindering effective threat discovery. In this talk, we discuss initial findings from our meta-analysis of 14 AI threat modeling frameworks, providing a streamlined set of questions for AI/ML threat analysis. We will also discuss how we refined this library through expert review to simplify questions and allow seamless integration to the manual analysis of AI/ML applications.
Speakers
NB

Nuray Baltaci Akhuseyinoglu

Cybersecurity and Privacy Researcher, Comcast
Friday October 25, 2024 2:00pm - 2:50pm CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

2:00pm CDT

CVSS v4 – A Better Version of an Imperfect Solution
Friday October 25, 2024 2:00pm - 2:50pm CDT
Snyk Room (Pecan)
Common Vulnerability Scoring System (CVSS) is the global go-to standard for attributing criticality scores to vulnerabilities. In this talk, I will explore the latest iteration of CVSS (version 4, its adoption in the InfoSec, and its importance to the Open Source community. I will talk about its role in vulnerability risk management and how it's critical for prioritizing risks. I will highlight some ever-enduring challenges, how to optimize the scoring effectiveness to overcome some of those challenges, and play with ideas for an effective solution within the broader context of cybersecurity. I aim to engage with a diverse audience, offering insights into the evolving landscape of vulnerability assessment and inspiring discussion on the future developments of the vector for proper risk management in open-source vulnerabilities, with the idea of leaving some open questions for the future.
Speakers
avatar for Mário Teixeira

Mário Teixeira

Senior Application Security Analyst, Checkmarx
Mário brings over 4 years of experience to his role at Checkmarx, blending curiosity with his Security expertise. From trying to break his computer as a kid to exploring AppSec, he's a perpetual learner. Experienced in Pen-testing and Research, he now helps secure the Open Source... Read More →
Friday October 25, 2024 2:00pm - 2:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

2:00pm CDT

My InfoSec journey led me to create my own incident response tools, what led me here and how or why you should do it too!
Friday October 25, 2024 2:00pm - 2:50pm CDT
Red Oak Ballroom
Ever wonder what a seasoned incident responder uses to investigate an incident? Making security tools is harrrrrrrrrrd, I should know I have architected a few. In this talk we will walk through my career journey and what led me to create tools to fill gaps existing tooling did not have and why this applies to you in your career journey. So come take a walk in my shows so you can walk easier in yours.
Speakers
avatar for Michael Gough

Michael Gough

Founder, Malware Archaeology
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free... Read More →
Friday October 25, 2024 2:00pm - 2:50pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA

2:00pm CDT

OWASP MASVS and Threats to Mobile Apps in 2023
Friday October 25, 2024 2:00pm - 3:00pm CDT
Promon Room (Cypress)
This talk will discuss the OWASP MASVS categorization of mobile threats, with a particular focus on the threats met by "Resilience" guidelines (namely, attempts to reverse engineer mobile applications). We'll briefly define the Mobile App Sec security project and the Verification Standard and then chronicle the number and types of threats to mobile apps worldwide, focusing on which of the categories the various threats fall into. We'll wrap up by describing some of the ways in which AppSec engineers are defending against the reverse engineering and tamping.
Speakers
avatar for Daniel Shugrue

Daniel Shugrue

Security Evangelist, Digital.ai
Daniel Shugrue has spoken to security audiences in Boston, Austin, Dusseldorf, Cannes, and Beijing. Prior to working at Digital.ai, Daniel worked in Confidential Computing at Microsoft, IoT Security at CyberX, Web App Firewall security at Akamai, and authentication at RSA. Daniel... Read More →
Friday October 25, 2024 2:00pm - 3:00pm CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

3:00pm CDT

AI Supply Chain Security - Invent Backward then Forward
Friday October 25, 2024 3:00pm - 3:50pm CDT
LevelBlue Room (Magnolia)
AI-enabled features in software bring a new whole new set of supply chain security threats, and they affect additional people in your company that have traditionally not needed to think about security. In this engaging look at AI supply chain security, we'll learn that creatively defending against these new threats requires us to invent backward as others have done before us. And we'll discuss some emerging supply chain defenses in CI/CD and data science that aren't so new after all.
Speakers
avatar for Rob Mixer

Rob Mixer

Product Security Engineer, Proofpoint
Friday October 25, 2024 3:00pm - 3:50pm CDT
LevelBlue Room (Magnolia) 2525 West Anderson Lane #365, Austin, TX, USA

3:00pm CDT

Fortifying the Startup Supply Chain: Secure and Cost-Effective Strategies that Won't Break the Bank
Friday October 25, 2024 3:00pm - 3:50pm CDT
Promon Room (Cypress)
This paper aims to address the urgent need for supply chain security in startups. With increasing examples of substantial impacts due to supply chain risks, from the Target attack to the recent Moveit vulnerability, it's clear that security is not a luxury, but a necessity. However, many startups, while acknowledging the importance of security, struggle to allocate substantial resources towards it due to cost constraints. This paper aims to bridge this gap by providing an array of cost-effective and implementable strategies for startups to secure their supply chains.The proposed strategies include what exactly to keep in mind when working with vendors, which open-source tools to use, what kind of cost effective audits you can perform, & more. The paper underscores that with few security experts to set up and manage these tools, startups can fortify their supply chains without breaking the bank, thereby gaining customer trust and ensuring business continuity.
Speakers
avatar for Akanksha Pathak

Akanksha Pathak

Senior Cybersecurity Consultant, Visa
Senior Cybersecurity Consultant specializing in Cloud Security, Application Security, Threat Analysis & Response, Vulnerability Management, and Product Security. As a senior member of the corporate governance team, I oversee the third-party cybersecurity practice. My expertise lies... Read More →
Friday October 25, 2024 3:00pm - 3:50pm CDT
Promon Room (Cypress) 2525 West Anderson Lane #365, Austin, TX, USA

3:00pm CDT

The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!
Friday October 25, 2024 3:00pm - 3:50pm CDT
Snyk Room (Pecan)
Privacy Threat Modeling (PTM) is part of software development lifecycle (SDL) along with the increasing awareness of data privacy. Unfortunately, PTM comes with the following limitations. First, it mostly involves human experts (i.e., threat modelers) with much manual effort. Second, it is usually performed later in the SDL pipeline, during which much development work has been finished. Third, the app developer is usually not familiar with privacy principles (e.g., privacy laws) that can guide the development process. To address these problems, we created xCOMPASS, an open-sourced framework that presents a solution that does not require much expertise/training in privacy domain to identify privacy engineering requirements during PTM. xCOMPASS presents a lightweight questionnaire (i.e., yes-no questions), identifies privacy requirements based on the answers, and maps the requirements to privacy principles (e.g., privacy laws) and mitigation strategies (e.g., de-identification). To the best of our knowledge, xCOMPASS is a state-of-the-art solution.
Speakers
avatar for Rahmadi Trimananda

Rahmadi Trimananda

Research Engineer, Comcast Cybersecurity and Privacy Research
Rahmadi Trimananda is a cybersecurity researcher, focusing on privacy, at Comcast Cyber Security and Privacy Research. Previously, he was a research scientist at UC Irvine and the ProperData Center (https://properdata.eng.uci.edu/) – an NSF SaTC Frontiers Center whose goal is to "Protect Personal Data on the Internet". He obtained his Ph.D. from UC Irvine in Computer Engineering. In the past, he was affiliated with other Fortune 500 major tech companies, such as Intel, Xilinx (now part of AMD), and Microsoft. In... Read More →
Friday October 25, 2024 3:00pm - 3:50pm CDT
Snyk Room (Pecan) 2525 West Anderson Lane #365, Austin, TX, USA

4:00pm CDT

Closing Remarks, Content Results, Prize Drawings
Friday October 25, 2024 4:00pm - 5:00pm CDT
Red Oak Ballroom
Friday October 25, 2024 4:00pm - 5:00pm CDT
Red Oak Ballroom 2525 West Anderson Lane #365, Austin, TX, USA
 
  • Filter By Date
    Oct 24 - 25, 2024
  • Filter By Venue
    Austin, TX, USA
    All
    LevelBlue Room (Magnolia)
    Live Oak Room/Expo Hall
    Lobby
    Magnolia (B) Room
    Promon Room (Cypress)
    Red Oak Ballroom
    Snyk Room (Pecan)
  • Filter By Type
    Conference Activity
    General InfoSec
  • Timezone
Filter sessions
Apply filters to sessions.
Thursday, October 24
Friday, October 25
LevelBlue Room (Magnolia)
Live Oak Room/Expo Hall
Lobby
Magnolia (B) Room
Promon Room (Cypress)
Red Oak Ballroom
Snyk Room (Pecan)
  • Conference Activity
  • General InfoSec
  • Popular