VIPSS Sector Days – Application Security March 9, 2022, Virtual Platform

General Information

VIPSS Sector Days – Application Security
March 9, 2022
9am-12pm PST

You’re invited to our complimentary Application Security Sector Day presented by the Vancouver International Privacy and Security Summit in partnership with ISACA Vancouver and OWASP Vancouver on March 9th. Join your peers and industry experts for an interactive morning of thought-provoking discussion where we’ll cover some of the key application security topics impacting organizations today.

Our tightly packed 3-hour agenda was carefully curated by a committee of your peers from OWASP Vancouver. Be sure to join the meet-up group to stay informed of upcoming events: https://www.meetup.com/OWASP-Vancouver-Chapter/

Agenda topics include:

  • Preventing the Next Zero Day Vulnerability
  • API Risk Management using the Zero-Trust Model
  • How to Build Software Securely
  • International Women’s Week Panel – Women in Cybersecurity and Application Security

*Please note if you already have a ticket for VIPSS you do not need to register here for sector days as you will automatically have access to these sessions on the virtual platform on March 9th.

 

Speakers

Sasa Djolic

Vice President of Software Development Engineering, Mastercard

Aarti Gadhia

Enterprise Sales Manager, Tines

Nancy Gariché

Senior Developer Advocate, GitHub Security Lab

Mrigakshi Goel

Information Security Engineer, Finning International

Tanya Janca

CEO & Founder, We Hack Purple

Dr. Baljeet Malhotra

Founder & CEO, TeejLab

Heidi Martin

Founder, Hijinx Security

Harsh Modi

Senior Security Consultant, PwC

Betsy Thomas

Security Engineer, Amazon

Jeff Williams

Co-Founder and CTO, Contrast Security

Please note all times below are in PST unless listed otherwise.

March 9, 2022

9:00am - 9:45am Virtual

Session 1: Doing this One Crazy Thing Will Change Your AppSec Program Forever

We all trust software with the most important aspects of our life… but it’s a blind trust with virtually no justification. Actually, by almost any measure, application security has been failing for 20 years. Software is still riddled with vulnerabilities and gets attacked thousands of times a month – mostly undetected. Yet instead of trying different approaches, we mostly keep pushing the same futile and expensive practices harder. In this talk, we’ll discuss why the underlying asymmetric information problem in the software market makes it impossible to make progress. And we’ll talk about how we can escape this trap, change the software market, and make software trustworthy for everyone.

9:45am - 10:30am Virtual

Session 2: Panel: Application Security from start to finish with 4 seasoned veterans

10:30am - 10:35am Virtual

Morning Break

10:35am - 11:00am Virtual

Session 3: Zero Trust Model – A Swiss Knife for API Risk Management

Web applications are prone to various cybersecurity risks. Did you know that 96% of these web applications contain some Open Source? Furthermore, did you know that 99% of such Open Source contains some Web APIs? You may be surprised to know that Web APIs contribute 83% of the traffic over the internet. Unfortunately, this growing API usage also means growing cybersecurity risks. Although APIs benefit organizations immensely through accelerated innovations, newer business models, and competitive differentiation, organizations are also negatively impacted by APIs due to their weak security posture, leading to business disruptions and legal and compliance issues. Gartner has actually predicted that by 2022, API abuses will be the most frequent attack vector resulting in data breaches for web applications. Given the importance of APIs for digital transformation at organizations, it is imperative for their Security, Compliance and Audit professionals to get a handle on APIs to manage various API-related risks. This session will provide an overview of an API Governance framework for effective API Risk Management. This framework is inspired by the Zero Trust model that enterprises can use as a “Swiss Knife” for reducing their API-related risks. I’ll also highlight best practices and hands-on examples for API Risk Management.

11:00am - 11:30am Virtual

Session 4: Bypass File Upload Restrictions in Modern Web Applications

11:30am - 12:00pm Virtual

Session 5: Meeting the needs of data localization with Attribute Based Access Control

The recent popularity of data localization legislation—various policy measures that restrict data flows by limiting the physical storage and processing of data within a given jurisdiction’s boundaries—is causing a gap to appear between compliance and the access control mechanisms offered by popular data storage and processing vendors. Put simply, the technology has fallen behind regulations like GDPR, especially in light of recent Schrems and Schrems II rulings. More regulatory regions have either enacted similar regulations or are expected to do so soon. In this talk, we’ll explore how to meet the needs of data localization regulations around the world with Attribute Based Access Control (ABAC).
