OWASP Global AppSec US 2021

The idea of secure coding training that covers just what you need, right when you need it, seems too good to be true. But it’s not. Leading development teams are using their own vulnerabilities to train their coders, focusing on their most pressing mistakes while providing a more relevant experience that keeps coders engaged. This presentation will show you how to set up a program, and how to make sure your developers develop a fix that really solves the problem.

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

https://github.com/

With the business increased the pressure and demand for flexibility of the development team, the agile movement was pushed to the limits. CI/CD was born to reduce manual steps to reduce human errors and increase speed to go-live! Last not least, with DevOps the teams took application responsibilities, from cradle to grave. Many security teams still struggling on catching up with the current speed of software development and releases. Software security knowledge and experience is missing in most full-stack developers' resumes. Application security is kept out of the development teams responsibility and regarded as a responsibility of the  security department. Pity, because agile, CI/CD and DevOps are security enabling practices! This session is explaining Shift-left, early security enablement in the development Lifecycle. As the application development becomes more developer centric, the developer’s toolset must match the new challenges to have responsibilities matching capabilities. Learn from rugged software to supply chain cleanliness. Learn to avoid the common pitfalls and benefits of modern application development strategies. Hear why security champions programmes tend to fail, compliance driven security training is a waste of time and money. Take back the best practices, proven solutions and how to Shift Left beyond the development

Everyone loves Top 10 lists but that's where API security STARTS - not ENDS. Come hear a lighthearted poke at Top 10 lists and what it takes to have a high-functioning API security program at scale. Don't get pwn3d by OWASP #11, create a successful API program and get a t-shirt to prove it you know better.

As a company working in the security assessment space, Praetorian engineers have seen it all - ranging from an open S3 bucket sitting out in the cloud to Nation-state level code wrangling where we've taken control of a company using bespoke vulnerabilities. Using real-world examples from the field, we will explore lessons learned from our services practice and our process for, at times, translating those into open source products. Does security need to be as gosh-darn hard as it is in real life or is it a matter of working smarter, not harder? We will conclude with a discussion of actionable steps you can take to make your life easier.

OWASP Leaders Meeting
OWASP Leaders from projects, chapters, events, and committees are invited to listen to the latest updates about OWASP functional areas and to come together to share their experiences and discuss how to further the OWASP mission.

Hackers have been mislabeled and treated as criminals due to socially constructed beliefs that have been pushed out by the public. In return, we face prosecution when doing our job and trying to keep the world safe from attackers. Current legislation has destroyed many lives of hackers who did not exploit and stayed within scope. In return, 1 out of 4 hackers don't submit vulnerabilities due to the ongoing fear of prosecution. This talk dives into the socially constructed beliefs that the world has towards hackers and how increasing public awareness is needed to change their mindset to update out-of-date legislation.