secure coding Virtual Summit September 29th 2021

Adventure Park

Virtual Summit
September 29th, 10am – 6pm EST

Wilder, Faster, and More Visionary Than Ever!

The 3rd Secure Coding Virtual Summit is back

with more of our insightful sessions.

Join us on September 29, 2021
for a day of thrills and chills
as industry experts discuss their wildest rides
on the security roller coaster.

Why Join

The Secure Coding Virtual Summit is your source for everything you need to build secure code from the ground up. Learn how leading AppSec and DevSecOps practitioners, analysts, and visionaries avoid getting stuck at the top of the ferris wheel.

From among our many topics, attendees will learn:
• How to prevent supply chain attacks from code through production
• Why developers struggle with application security
• How to protect your open source projects and create a secure CI/CD pipeline
• How remote work has influenced DevSecOps adoption

Agenda

10:00-11:00

How Amazon Does Development

Harry Mower, Amazon Web Services
Harry Mower
GM – AWS DevOps Tools, Amazon Web Services
11:00-12:00

Software Supply Chain from Code to Production and Back

Maciej Mensfeld, WhiteSource | Marina Segal, Sysdig | Eilam Milner, Argon Security

Growing usage of open-source software does not come without a price. The dependence of modern software on open source components has opened the opportunity to exploit that software through those very components. This session should arm you with enough knowledge of the risks and countermeasures to avoid losing the race.

Maciej Mensfeld
Senior Product Manager, WhiteSource
Marina Segal
Director of Product Management, Sysdig
Eilam Milner
Co-Founder & CTO, Argon Security
12:00-12:45

Zoom 0-Day: How Not to Handle a Vulnerability Report

Jonathan Leitschuh, Gradle Inc.

On July 8th, 2019, a bombshell 0-Day vulnerability was dropped on Zoom Inc that disclosed how anyone could maliciously join a victim’s Mac to a call with their video camera active simply by visiting a malicious website. Additionally, Zoom left behind a hidden daemon that would re-install the Zoom client after it had been uninstalled. It was later discovered that this “feature” could be abused to allow remote code execution. In this talk, I’ll discuss my communications with Zoom’s security team and the reasoning behind what led to my decision to resort to 0-Day disclosure. Additionally, we’ll walk through the post-disclosure timeline around how this vulnerability went from bad to worse, requiring the Apple security team to step in and use MRT to resolve this vulnerability.

Jonathan Leitschuh
Security Software Engineer, Gradle Inc.
12:45-13:30

Sensible Open Source Risk Management in Enterprises

Rhys Arkins, WhiteSource | Eric Tice, Wipro | Ricardo Sueiras, AWS

Many organizations find it challenging to determine who is responsible for managing different security risks and for governing the methods and practices used to remediate open-source risks. Investing in industry-proven tools and leveraging the correct tools during the appropriate phases of the SDLC will allow an organization to implement a scalable and reliable open source governance framework, reducing this risk and the potential for compliance-related issues across the enterprise.

Rhys Arkins
Director of Product Management, WhiteSource
Eric Tice
Director Global Open Source Technical Consulting and COE, Wipro
Ricardo Sueiras
Technical Evangelist, AWS
13:30-14:15

Keep Calm and Protect Your Open Source Projects

Sonya Moisset, Photobox

Shifting left significantly reduces costs and diminishes release delays. Continuous security validation should be added at each step from development through production to help ensure the application is always secure. We can then switch the conversation with the security team from approving each release to approving the CI/CD process, with the ability to monitor and audit that process at any time. In this session, Sonya will focus on work done with a Jamstack open source project and show you how to create a secure continuous integration/continuous deployment pipeline. You’ll learn how GitHub Marketplace helped the team automate and improve their workflow with different tools around accessibility, code coverage, code review, code quality, security, compliance and other functionalities (ChatOps with Slack). You’ll also find out what OWASP is and how to improve the workflow for your own open source projects using GitHub Marketplace applications.

Sonya Moisset
Principal Security Engineer at Photobox, GitHub Star, Epic Women in Cyber/Tech Founder, GirlCode Ambassador, Photobox
14:15-15:00

The Role of App Sec Testing in Securing Your Software Supply Chain

Cindy Blake, GitLab

Recent supply chain attacks, along with the U.S. Executive Order on Cybersecurity, have raised the priority of software security. With all eyes on secure coding, how do you ensure proper depth and breadth of app sec testing? How do you meet development deadlines without slowing down for security? This talk will address how to best approach modern software security by automating your CI pipeline for simplicity, visibility, and control.

Cindy Blake
Sr Product Marketing Manager and Security Evangelist, GitLab
15:00-15:45

Why Developers Struggle with Application Security

Scott Gerlach, StackHawk

We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone – putting the culture, processes, and tooling into place to make this happen is tough. Join StackHawk CSO Scott Gerlach as he shares his triumphs and failures while building DevSecOps practices and tools at companies such as GoDaddy, SendGrid, and Twilio. Dig into specific reasons why developers struggle with AppSec and what you can do to make it work better. Whether you’re a seasoned DevSecOps pro or just starting out, this will be an entertaining (and judgement-free!) talk you won’t want to miss.

Scott Gerlach
Co Founder & CSO, StackHawk
15:45-16:30

Privilege Management, Pipeline Building and Elements of Testing and Validation in AWS

Dave Walker, AWS

We discuss recommendations and tools for credential and permission handling in your code running in AWS to facilitate least-access and least-privilege (including privilege bracketing), before looking into tools and techniques you can build into your CI/CD pipelines for code analysis, integrity assurance and penetration testing, and recommendations for how these pipelines can themselves have security checks incorporated in their automated build. We further examine some of the techniques used by AWS for modelling and formal verification of code, and how code builds and model validations can be synchronized.

Dave Walker
Principal Specialist Solution Architect for Security and Compliance, AWS
16:30-17:15

Secure DevOps: Why is it still important in 2021

Stefania Chaplin, Secure Code Warrior

Secure DevOps, DevSecOps: what do these words really mean for your organization? As we evolve to DevOps processes and start to break down the silos between different tribes, where does security fit in and why is it important? Join this session to find out:
* Why Secure DevOps is still important
* Why changing culture is key
* Where to start: top tips from the field

Stefania Chaplin
EMEA’s Solution Architect, Secure Code Warrior
17:15-18:00

How Remote Work Has Influenced Adoption of DevSecOps

Jayne Groll, DevOps Institute

As the world pivoted to remote and/or hybrid work environments, the practices and principles of DevSecOps have become more critical. Non-traditional work environments by their nature necessitate a stronger security awareness, where security is truly everyone’s responsibility, optimized by automation and collaboration. In particular, developers now need to write, build, secure, deploy and potentially operate their code. This session will explore how a remote workforce has influenced enterprise adoption of DevSecOps from a people, process and automation perspective. The session will also be supported by data from DevOps Institute’s 2021 Upskilling report.

Jayne Groll
Co-Founder and CEO, DevOps Institute
