DevSecOps & Enterprise Security

Tuesday, December 7, 2021

- PST
Stay Ahead of the Game: Automate Your Threat Hunting Workflows
Christopher Van Der Made
Cisco, Security Developer Advocate

It is very important nowadays to stay up to date with the cyber threats emerging all over the world. It is widely known that there are not enough resources to staff every Security Operations Center (SOC). As a result, many organizations struggle to cope with the massive number of new types of attacks and the alerts generated by their tooling.

During this session, you will learn how to hunt (and automate your hunt) for active cyber threats in your environment and contain them using integrated connections to network, endpoint, and cloud products. This session is targeted at SOC management, cyber security engineers, threat hunters, and analysts. It will touch on threat detection, investigation, and response. All the code will be made available after the session.

- PST
OPEN TALK: How Data From Penetration Tests Can Help You Understand, Fix, And Prevent Security Bugs
Nick Terkay
Cobalt, Director of Engineering, Customer Experience

Penetration tests can give developers invaluable information on what issues slip past their reviews. Not only that, they can give clues on big-picture questions like “Do we have a wider design problem with user authorization?” or “Are we making repeat mistakes from one test to the next? Why?”

Rather than a lengthy to-do list, findings from a penetration test can be a collection of metrics you can track to improve the quality of your code, and the performance of your team. In this session, I’ll walk you through the most common metrics in penetration test reports, and map them to the questions they can help answer: from finding the bug, to fixing and preventing it.

- PST
5 Tips for Navigating API Security Noise
Lebin Cheng
Imperva, Head of API Security, Office of the CTO

APIs are the data fabrics connecting modern applications. While they are a powerful tool for Dev and DevOps, they have also become a new attack surface for bad actors to gain access to sensitive data. Many existing API security solutions today are so inflexible and rule-driven that they risk slowing down the development process. Lebin Cheng, Imperva’s Head of API Security, will help you navigate through the API Security noise with insights on:

- DevSecOps does not mean Dev and Sec need to slow each other down.
- How automated SecOps can speed up Dev and DevOps.
- What is the right DevSecOps approach to implement API Security?
- First-hand insight into how a DigitalFirst organization took the first steps towards DevSecOps API Security, and how you can too.
- Other DevSecOps best practices.

- PST
OPEN TALK: Infrastructure as Code for Cloud Security
Josh Stella
Fugue, Co-Founder, CEO and CTO

Cloud engineers need tools that help them check that the infrastructure as code (IaC) templates they’re developing adhere to all applicable industry compliance standards and custom security policies. And the organization needs to ensure its developers are using those tools, and that they’re using the correct policies.

In this session, Josh Stella will talk about how to establish effective, efficient, and consistent IaC security, which is critical to preventing cloud misconfiguration vulnerabilities from reaching the runtime without slowing teams down. But if teams are using a completely different system and set of policies for checking the runtime for security and compliance, things start to fall apart. He will review:

- How to prevent critical vulnerabilities from slipping through the cracks
- How to use policies to govern your cloud environment
- Suggestions on how to prioritize and remediate issues

- PST
OPEN TALK: How Your Applications Are under Attack - Struts 2 Vulnerability
Austin Becker
Sonatype, Solutions Engineer

This session will include information about how popular open source has become and how it is driving innovation for enterprises in today's market. Open source allows enterprises to get value to market faster, and ensures the survival of many businesses. But open source software (OSS) has recently been an attack vector and focus for cybercrime syndicates. How can you protect yourself? What are you up against? We will also cover how the vulnerability in Struts2, a common Java OSS component, led to the attack and breach of several financial institutions. In this workshop, we will set up the Struts2 application and walk through not only how to exploit it, but also how to protect yourself from this attack.