-
Opening Remarks
- Global AppSec Crew
-
The House Is Built On Sand: Exploiting Hardware
Glitches And Side Channels In Perfect Software
- Herbert Bos
-
Attacking AWS: The Full Cyber Kill Chain
- Pawel Rzepa
-
Controlled Mayhem With
Cloud Native Security Pipelines
- Ben Pick
-
Practical OWASP CRS In High Security Settings
- Christian Folini
-
OWASP Based Threat Modelling: Creating
A Feedback Model In An Agile Environment
- Chaitanya Bhatt
-
Security Vulnerabilities Decomposition:
Another Way To Look At Vulnerabilities
- Katy Anton
-
The Zest Of ZAP: How Scripting In Our Favorite Tool
Can Bridge The Gap Between Dev Teams And Security
- Peter Hauschulz
-
Knative Security Pipelines
- Spyros Gasteratos
-
WebAuthn: Strong Authentication vs
Privacy vs Convenience
- Suby Raman
-
Choosing The Right Static Code Analyzers
Based On Hard Data
- Chris Horn
-
OWASP SAMM2:
Your Dynamic Software Security Journey
- Sebastien Deleersnyder
-
Web Apps vs Blockchain DApps (Smart Contracts):
Tools, Vulns And Standards
- Damian Rusinek
-
Being Powerful While Powerless: Elevating
Security By Leading Without Authority
- Nathan Yee
-
Secure Agile Development According To SAMM
- Rob Van Der Veer
-
Threat Modelling Stories From The Trenches
- David Johannson and Andrew Lee-Thorp
-
The Now And The Future Of Malicious WebAssembly
- Marius Musch
-
Mobile-Friendly Or Attacker-Friendly? A
Large-Scale Security Evaluation Of Mobile-First Websites
- Tom Van Goethem
-
Modern And Secure IAM For Modern Applications
- Vinod Anandan
-
OWASP Docker Top 10
- Dirk Wetter
-
Securing The Future
- Mikko Hypponen
-
The Woman Who Squashed Terrorists:
When An Embassy Gets Hacked
- Chris Kubecka
-
Restricting The Scripts, You're To Blame,
You Give CSP A Bad Name
- Sebastian Roth and Ben Stock
-
SUSTO: Systematic Universal
Security Testing Orchestration
- Luis Saiz
-
Unlikely Allies:
How HR Can Help Build A Security-First Culture
- Alison Eastaway
-
Don't Trust The Locals: Evaluating And Mitigating The
Insecurity Caused By Trusting Your Client-Side Storage
- Ben Stock and Marius Steffens
-
How Do JavaScript Frameworks Impact
The Security Of Applications?
- Ksenia Peguero
-
Do Certain Types Of Developers
Or Teams Write More Secure Code?
- Anita Damico
-
HTTP Desync Attacks:
Smashing Into The Cell Next Door
- James Kettle
-
[In]secure Deserialization,
And How [Not] To Do It
- Alexei Kojenov
-
The Security We Need:
Designing Usable IoT Security
- Damilare D. Fagbemi
-
The State Of Credential Stuffing
And The Future Of Account Takeovers
- Jarrod Overson
-
No More Whack-A-Mole: How To Find And Prevent
Entire Classes Of Security Vulnerabilities
- Sam Lanning
-
ScriptProtect: Mitigating Unsafe
Third-Party JavaScript Practices
- Marius Musch and Martin Johns
-
Making The Web Secure, By Design ++
- Glenn Ten Cate and Riccardo Ten Cate
-
Breaches Are Everywhere.
What’s A Good Security Leader To Do?!
- Richard Greenberg
-
Five Key Trends In Application Security
- Ameya Talwalkar
-
How To Learn (And Teach) Hacking
- Ruben Gonzalez
-
Fast Forwarding Mobile Security With
The OWASP Mobile Security Testing Guide
- Jeroen Willemsen
-
How I Could Have Stolen
Your Photos From Google
- Gergo Turcsanyi
-
An Infosec Timeline:
Noteworthy Events From 1970 To 2050
- Mario Heiderich
-
Closing Remarks
- Global AppSec Crew