General Information
VIPSS Sector Days – Application Security
March 9, 2022
9am-12pm PST
You’re invited to our complimentary Application Security Sector Day presented by the Vancouver International Privacy and Security Summit in partnership with ISACA Vancouver and OWASP Vancouver on March 9th. Join your peers and industry experts for an interactive morning of thought-provoking discussion where we’ll cover some of the key application security topics impacting organizations today.
Our tightly packed 3-hour agenda was carefully curated by a committee of your peers from OWASP Vancouver. Be sure to join the meet-up group to stay informed of upcoming events: https://www.meetup.com/OWASP-Vancouver-Chapter/
Agenda topics include:
- Preventing the Next Zero Day Vulnerability
- API Risk Management using the Zero-Trust Model
- How to Build Software Securely
- International Women’s Week Panel – Women in Cybersecurity and Application Security
*Please note: if you already have a ticket for VIPSS, you do not need to register here for Sector Days; you will automatically have access to these sessions on the virtual platform on March 9th.
*Invited Speaker
March 9, 2022
9:00am - 9:45am • Virtual
Session 1: Doing this One Crazy Thing Will Change Your AppSec Program Forever
We all trust software with the most important aspects of our life… but it’s a blind trust with virtually no justification. Actually, by almost any measure, application security has been failing for 20 years. Software is still riddled with vulnerabilities and gets attacked thousands of times a month – mostly undetected. Yet instead of trying different approaches, we mostly keep pushing the same futile and expensive practices harder. In this talk, we’ll discuss why the underlying asymmetric information problem in the software market makes it impossible to make progress. And we’ll talk about how we can escape this trap, change the software market, and make software trustworthy for everyone.
9:45am - 10:30am • Virtual
Session 2: Panel: Application Security from start to finish with 4 seasoned veterans
10:30am - 10:35am • Virtual
Morning Break
10:35am - 11:00am • Virtual
Session 3: Zero Trust Model – A Swiss Knife for API Risk Management
Web applications are exposed to a wide range of cybersecurity risks. Did you know that 96% of web applications contain some open source? Furthermore, did you know that 99% of that open source includes some web APIs? You may be surprised to learn that web APIs account for 83% of traffic over the internet. Unfortunately, this growing API usage also means growing cybersecurity risk. APIs benefit organizations immensely through accelerated innovation, newer business models and competitive differentiation, but organizations are also harmed by the weak security posture of their APIs, which leads to business disruptions and legal and compliance issues. Gartner has predicted that by 2022, API abuses will be the most frequent attack vector resulting in data breaches for web applications. Given the importance of APIs to digital transformation, it is imperative that Security, Compliance and Audit professionals get a handle on APIs in order to manage API-related risks. This session will provide an overview of an API governance framework for effective API risk management. The framework is inspired by the Zero Trust model and can serve enterprises as a “Swiss Knife” for reducing their API-related risks. I’ll also highlight best practices and hands-on examples for API risk management.
11:30am - 12:00pm • Virtual
Session 5: Meeting the needs of data localization with Attribute Based Access Control
The recent popularity of data localization legislation—policy measures that restrict data flows by requiring data to be physically stored and processed within a given jurisdiction’s boundaries—is opening a gap between compliance requirements and the access control mechanisms offered by popular data storage and processing vendors. Put simply, the technology has fallen behind regulations such as GDPR, especially in light of the Schrems and Schrems II rulings. More jurisdictions have either enacted similar regulations or are expected to do so soon. In this talk, we’ll explore how to meet the requirements of data localization regulations around the world with Attribute Based Access Control (ABAC).