Loading…
LASCON X has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Development [clear filter]
Thursday, October 24
 

11:00am

Application Logging in the Era of GDPR
Applications log their activities for a variety of purposes including security. Developers and operation personnel adopt OWASP tools and others to enhance the security posture of their products and services.

On the one hand, businesses have different security requirements based on risks faced by and trust levels required of their products. More relevant security guidance is often needed by developers. On the other hand, GDPR is the law safeguarding privacy of individual EU citizens. This affects all products sold or operated in EU. Developers often raise questions regarding to what data can or cannot be logged to keep GDPR compliance. Although many material and training on GDPR exist, few provides guidance on application logging.

In this talk, we describe how we address these issues, including security and privacy related to application logging, protection of log data, and impacts of GDPR. Audiences will take away with recommendations and tips.

Speakers


Thursday October 24, 2019 11:00am - 12:00pm
Cypress Room 2525 W Anderson Ln #365, Austin, TX 78757, USA

11:00am

Choosing the Right Static Code Analyzers Based on Hard Data
Published research shows that static code analysis cost-effectively catches security weaknesses before they become exploitable vulnerabilities. But finding the right code analyzers can be challenging.
This talk will discuss research funded by the U.S. Department of Homeland Security to deliver unbiased methods and information to assess and compare the performance of static analyzer products.
In this talk we introduce a new, freely-available website that presents the results of our research. We will discuss plans to track the types of weaknesses that analyzers can detect to help people quickly find the right analyzer and how to achieve good detection coverage of multiple weaknesses.
We’ll discuss the properties of analyzers important to consider when bringing one (or a few!) into your development pipeline. We’ll also cover plans to benchmark results quality using real code, not artificial data sets. Finally, we’re looking forward to audience feedback on what information or capabilities are important.

Speakers
avatar for Chris Horn

Chris Horn

Senior Researcher, Secure Decisions
Chris Horn is a Senior Researcher at Secure Decisions, an R&D division of Applied Visions, Inc. He has 18 years of experience in research, software systems, and new product development. Currently, he leads cybersecurity research & development projects and focuses on developing technology... Read More →


Thursday October 24, 2019 11:00am - 12:00pm
Contrast Security Room 2525 W Anderson Ln #365, Austin, TX 78757, USA

1:00pm

How to Secure a nodejs Application End-to-End
Since the creation of the first web application, more and more applications are moving to the web. As applications, data, and the users migrate online, so do the respective threats. Viruses that used to infect people’s computers now try to steal user data online.
As developers, it is our responsibility to protect our end users from potential threats. Although the vulnerabilities apply to any web servers, the tools and best practices we will discuss are specific to nodejs based webserver. Nodejs is a javascript runtime which can be used to serve web application with highly scalable asynchronous I/O.

Speakers
avatar for Muzamil Muein

Muzamil Muein

Senior Software Architect, Thales
Muein Muzamil is a member of the technical community at Thales and works as a senior software architect in the Enterprise and Cybersecurity group based in Austin, TX. His research interests include evolving authentication solutions, federated authentication, one-time password (OTP... Read More →



Thursday October 24, 2019 1:00pm - 2:00pm
Under Armour Room 2525 W Anderson Ln #365, Austin, TX 78757, USA
 
Friday, October 25
 

10:00am

Lost in Translation: Communicating Outside of Security
As organizations adopt DevSecOps, security professionals interact more and more with pure development teams. If you’ve ever explained why security is important to a developer, however, you’ve probably run into a language barrier. This talk is given by a developer/casual hacker that wants to help infosec communities understand communication pitfalls; some common language we can all use; and what developers need from security to succeed.

Speakers
avatar for Jessica Schalz

Jessica Schalz

Security Engineer
I love talking about app sec tools, organizational psychology in security, and diversity/inclusion! Also dogs and Golang!


Friday October 25, 2019 10:00am - 11:00am
Under Armour Room 2525 W Anderson Ln #365, Austin, TX 78757, USA

1:00pm

Do Certain Types of Developers or Teams Write More Secure Code?
Why do some developers and development teams write more secure code than others? In this talk we will describe several human factors—developer, team and environmental characteristics—that influence whether developers will inadvertently introduce security weaknesses into their code. We’ll present the results of research on how factors such as developer experience, disrupted attention, team size, team co-location, communication, work hours, and code rewrites affect software security. The research results are drawn from DoD-funded R&D conducted by our company on both open-source and proprietary software repositories, as well as academic research on software engineering practices. At the end of the talk, we will describe how others can participate in this research.

Speakers
avatar for Chris Horn

Chris Horn

Senior Researcher, Secure Decisions
Chris Horn is a Senior Researcher at Secure Decisions, an R&D division of Applied Visions, Inc. He has 18 years of experience in research, software systems, and new product development. Currently, he leads cybersecurity research & development projects and focuses on developing technology... Read More →
avatar for Anita D'Amico

Anita D'Amico

CEO, Code Dx, Inc.
Anita D’Amico, PhD is CEO of Code Dx, Inc. which provides open-source and commercial application security solutions based on advanced technologies developed by Secure Decisions, an R&D organization which she had also directed. Her roots are in experimental psychology and human factors... Read More →


Friday October 25, 2019 1:00pm - 2:00pm
Cypress Room 2525 W Anderson Ln #365, Austin, TX 78757, USA

1:00pm

How to Build an Effective Malware Protection Architecture for File Uploads in Modern Web Apps
Web applications have traditionally accepted file uploaded via web portals, which had bot prevention controls to avoid bots uploading files vs user. With the boom of API economy, more and more applications have started accepting files over API, this allows uploading of file a programmatic approach available for good bots and vector for allowing numerous file uploads during a day. This convenience, also comes with security shortcomings - for example, files cannot be analysed manually for potential malware since the number is huge, there could be synchronous processing needed as business functionality in web app. This talk will look at a novel approach to build and operate a practical automated malware analysis platform and considerations for it to scale at enterprise level maintaining heavy performance needs of web apps, to effectively detect and discard malicious file uploads in web app.

Speakers
avatar for Ravi K Muthukrishnan

Ravi K Muthukrishnan

Product Security Lead, Visa Inc.
Ravi is a technologist, and a security expert specializing in web application security, cloud security, data protection, risk management, and cybersecurity.He has 8+ years of global work experience in the cybersecurity industry. He is currently leading security architecture for Visa... Read More →



Friday October 25, 2019 1:00pm - 2:00pm
Contrast Security Room 2525 W Anderson Ln #365, Austin, TX 78757, USA