VIPSS Sector Days – Application Security March 30, 2021, Virtual Platform

General Information

VIPSS Sector Days – Application Security
March 30, 2021
3pm-7pm PST

You’re invited to our complimentary by invitation only VIP Application Security Sector Day presented by the Vancouver International Privacy & Security Summit in partnership with ISACA Vancouver on March 30th. Join your peers and industry experts for an interactive afternoon of thought-provoking discussion where we’ll cover some of the most relevant cyber security topics impacting the Application Security Sector in Canada today.

Our tightly packed 4-hour agenda was carefully curated by a committee of your peers in the Application Security sector.

This event is designed to inform and educate business executives and cybersecurity professionals on the critical issues affecting the Application Security Sector. For inquiries about this event please contact:

When registering for your complimentary Sector Day ticket you will also have the opportunity to purchase a discounted ticket at $250+tax for #VIPSS21!

To register please click here!


Farshad Abasi

Chief Security Officer, Forward Security

Amiran Alavidze

Director of Security & Risk Management, TaskTop

Elizabeth Bell

Staff Security Engineer, Mozilla

Mike Cavallin

Senior Cyber Security Engineer, BCI

Chris David

Senior Security Consultant, TELUS Digital

Dana Epp

Microsoft MVP, Security Researcher, Vulscan Digital Security

Aarti Gadhia

Enterprise Sales Manager, Bugcrowd

Lalithya Malyala

Bugcrowd Researcher

Heidi Martin

Founder, Hijinx Security

Catherine Mendonsa

CISO, Director Information Systems Security & Enterprise Architecture, Finning

Roberto Salgado

Chief Technical Officer, Websec

Iman Sharafaldin

Application Security (AppSec) Lead, Forward Security
Print Agenda

*Invited Speaker

Click on the date of the agenda you would like to view. Please note the timezone listed on the agenda.

Tuesday, March 30, 2021

3:00-3:15pm PST

Session 1 – Keynote Speaker: Application Security Landscape: The Past, Present, and Future

The field of application security is considered a relative new comer when compared to other areas of Cybersecurity or IT. Where did it all begin, and where are things headed? Farshad draws from his vast experience in this field both in British Columbia as well as globally to address these questions and set the theme for the event.

3:15-4:00pm PST

Session 2 – Verifying your business's application security in the modern world

If 2020 showed us anything, it was how many digital transformation projects accelerated in an effort to help businesses stay safe and allow staff to work remotely. But how safe are the applications and architecture that were rushed to production use? How do we verify the safety of the systems and solutions that expose our businesses to great potential risk? In this presentation you will learn about the OWASP Application Security Verification Standard and how you can align your appsec verification methodologies to meet or exceed these baselines. By the end, you will also be able to weigh the benefits and drawbacks of formalized appsec testing, internal red teams and the consideration for external partners like pentesting firms and crowdsourced security platforms.

4:00-4:15pm PST

Networking Break

4:15-4:45pm PST

Session 3 - Explaining Application Security to the Board

The pandemic has accelerated digital transformation and the digital ecosystem is expanding. According to Forrester's 2020 State of Application Security report, applications are the weakest link however, organizations continue to invest in protecting other attack vectors. In today's complex digital world, application security is important.

This talk will cover:
• Understanding the problem
• Why application security is major challenge for software engineers, devops and security teams
• How organizations handle the problem
• What does application security mean to the Board

4:45-5:15pm PST

Session 4 - How to Secure Blockchain Smart Contracts

Smart contracts are a revolutionary aspect of blockchain for enforcement of agreements and transferring value without a 3rd party. They are inherently insecure, resulting in incidents. This is an overview of vulnerabilities and how to secure them.

5:15-5:30pm PST

Networking Break

5:30-6:15pm PST

Session 5 - Zero Trust Design in Web Apps

Why do the internet's largest companies use Zero Trust designs? Zero Trust makes attackers' lives hard! You'll leave this talk with three main takeaways:
1) Why Zero Trust design is so important for web application design.
2) A phased approach you can take with your old and new projects.
3) Learn about a simple, secure, scalable Zero Trust reference design you can implement using Okta and Cloudflare (and see a demo!)

6:15-7:00pm PST

Session 6 - Panel: Application Security Landscape: Changes and Opportunities

Application Security Sector Day Sponsors

Presented By