Spring Cyber Solutions Fest 2024: DevSecOps & Application Security Track

The idea of DevOps, the term the industry had initially decided on for the work between the Application and Operations teams, was coined 15 years ago. To give perspective, the iPhone 3GS came out that year. If we think of what we had to work with in 2009, we now know in hindsight that we have better options, solutions, software, and patterns.

Here are a few questions we will be reviewing during this track:

  • How has DevOps and Application Security changed since then?
  • Where do we fit?
  • Should we be more or less hopeful?

We think we are in a much better place and in this forum, we will show you how it’s become better. Join the DevSecOps & Application Security Track to listen to a curated list of talks to help stimulate thought and actionable solutions for you to implement in your organization.

Forum Highlights: 

  • Discover how industry leading technologies and techniques can enhance your ability to better secure you development and application environments 
  • Learn from industry leaders as they dive into cutting-edge use case studies and specific examples
  • Interact with SANS chair Moses Frost, speakers and peers in the interactive Slack workspace by posting questions and discussing the forum topic 

STOP, there's more!

  • Check out our other featured tracks to gain more valuable content + earn additional CPE credits --> LEARN MORE
  • Get connected with our event chairs, guest speakers, and fellow attendees for our 2024 events --> GET CONNECTED

Placeholder_Image_(2).jpg

Thank You to Our Sponsors

Cyborg Security LogoLacework_Logo.pngPrisma_Cloud_logos_RGB_Horizontal_(4).pngNEW.pnglogo.jpg

Agenda | April 19, 2024 | 10:00AM-1:45 PM EDT

Timeline
(EDT)

Session Description

10:00 AM

Kickoff & Welcome

Moses Frost, Event Chair, SANS Instructor

10:20 AM

Session One | Navigating the Application Security Landscape

In an era dominated by digital innovation, application security (AppSec) stands as a critical frontier in safeguarding organizations from evolving cyber threats. Join us for a comprehensive exploration of the current AppSec landscape. We'll unpack emerging threats, common vulnerabilities, and the ever-evolving world of application security. You’ll learn practical tips to help you establish guardrails and proactively address top AppSec risks in your organization.

In this webinar, you will:

- Understand the wide range of AppSec risks, including everything from common vulnerabilities to sophisticated exploits.

- Explore real-world scenarios to learn practical insights into overcoming common AppSec challenges.

- Learn how to align security practices with agile development methodologies, ensuring security is not a bottleneck, but rather an integral part of the development lifecycle.

- See how cutting-edge technologies enhance AppSec best practices and enable teams to keep pace with the dynamic nature of application threats.

Stephen Giguere, Developer Advocate, Prisma Cloud by Palo Alto Networks

10:50 AM

Session Two | Infiltration & Betrayal: When Trusted Software Turns Rogue

Software is the largest under addressed attack surface impacting enterprises, where exploiting commercial software undermines trust in essential business tools. With software supply chain attacks up over 1000%, hackers are exploiting gaps in the development of commercial, proprietary, and third-party code, impacting producers and enterprise consumers alike. This impacts software producers and their enterprise buyers alike.

But despite this, organizations can protect themselves by understanding attack methods, identifying vulnerabilities in software supply chains, and enforcing stringent checks.

Join us as Matt Rose, Field CISO for ReversingLabs, covers how enterprises can understand and predict the vectors of attacks, identify any weak links in software supply chains, and implement truly rigorous checks and balances.

- Understand Software Supply Chain Attacks: Examine the intricacies of software supply chain attacks orchestrated and why legacy SAST, SCA, and DAST solutions won’t stop them

- Investigate High-Profile Breaches: Understand the SolarWinds, 3CX, and CircleCI incidents in detail, understanding the ‘how’ and the ripple effects of these attacks.

- Know When Your Software is Malware: Learn how RL Spectra Assure identifies malware and tampering software development and procurement.

Joshua Knox, Sr. Technical Product Manager, ReversingLabs

11:20 AM

Session Three | Compromised Credentials in 2024: What to Know About the World’s #1 Attack Vector

Credentials, made up of passwords and usernames, serve as the keys to our online existence. According to Lastpass, professionals manage up to 200 sets of credentials on average, emphasizing the need for strong, unique passwords that are regularly updated. When credentials are compromised, cyber attackers gain frictionless entry into sensitive systems and can often move laterally to find your crown jewels.

Attend this webinar to understand:

- Execution methods behind compromised credential attacks

- What the bad actors do with stolen identities

- Preventative best practices to implement today

Tim Chase, Global Field CISO, Lacework

11:50 AM

Break

12:00 PM

Keynote Session | Cyber Oddities: A Lighthearted Look at 2023's Most Bizarre Cybersecurity Moments

What's a great way to break up a conference focused on the VERY serious subject of defending against threat actors and cyber attacks? Let's laugh about them! Join Gianna Whitver and Oscar Burns as they delve into the most outlandish and ridiculous cyber news of last year. This interactive and podcast-style keynote will offer a comedic yet informative review of the year's strangest incidents, trends, and stories in the cyber world. Expect entertainment, surprising revelations, and a jaunt through the lighter side of cybersecurity!

Speakers:

Gianna Whitver, Co-Founder, Cyber Marketing Society

Oscar Burns, Global Field Manager, GitGuardian

1:00 PM

Session Four | Building better AppSec programs with ASPM

Application security professionals are struggling. The transition to agile, DevOps, cloud, and the growing use of AI is empowering distributed development teams to build software with greater speed and autonomy. In contrast to the remarkable strides in development methodologies, AppSec teams are still playing catchup, both outnumbered and out-resourced. Given all these challenges, is it truly possible to “master” AppSec?

We will review the foundations of AppSec program building and key concepts. We will also introduce ASPM (Application Security Posture Management) its core principles, and how AppSec practitioners and leaders can apply them in order to build, manage and scale a risk-based AppSec program.

Jim Armstrong, Senior Director, Product Marketing, Snyk

1:30 PM

Closing Remarks

Moses Frost, Event Chair, SANS Instructor