The third installment in the Improve series, Improve: Security is a one-day virtual event that will focus on how organizations can improve the security of their applications and systems through best practices, training and tooling.
Topics include:
Advancing your Zero Trust Maturity for Applications and Workloads
You Didn't Forget to (Actually) Secure Your GraphQL APIs, Did You?
Do You Trust the Apps and Devices You’re Using?
Emerging Application Security Risks in the Age of AI and How to Cope With Them
Supply Chain Security
And more!
Jason Garbis
Founder
Numberline Security
Zero Trust provides demonstrably better security as well as clear business benefits. However, too often it's not viewed as a strategic business initiative, resulting in reduced value and lost opportunity. Jason Garbis, Principal and Founder of Numberline Security, explains how Zero Trust helps the business by reducing costs, streamlining compliance efforts, improving efficiency, and growing revenue. The aim is to obtain buy-in (and perhaps even enthusiasm) from budget-holders and line-of-business stakeholders, giving AppDev and Security teams the resiliency and agility to be successful.
Shahar Binyamin
CEO and Co-founder
Inigo
Make no mistake about it: threat actors are bent on hunting down, attacking, and exploiting your GraphQL APIs. But understanding exactly how these actors go about recognizing where your GraphQL APIs reside—and how their attacks proceed—can put you on the right road to attack-thwarting countermeasures. Attendees of this Improve: Security session will learn the techniques attackers use to gather information on your GraphQL APIs, the telltale anomalous behavior associated with that reconnaissance, and how to surface threats and block those attack paths before exploits occur.
Ilya Dreytser
Head of Customer Engineering
Quokka
Do you trust the Google & Apple store vetting processes too much? This session will cover the current threat landscape associated with mobile apps and mobile devices. Get an understanding of the security & privacy risks, how they compare to other popular apps, and the risks baked into the devices that you purchase. Leave with a better grasp of the issues at hand and resources that can help you address them. We will deep dive into specific examples of real mobile apps with actual problems and discuss how this affects real users and the implications of privacy on security.
Reed McGinley-Stempel
CEO and Co-founder
Stytch
Teams need to be thoughtful about new security risks: most notably, increased phishing complexity and bot attacks on sites create risks for all apps in a post-AI world, given the new tools and the advantages these tools provide to attackers. Application developers need to be aware of these risks and take actions such as improving their bot detection and incorporating phishing-resistant authentication methods (e.g. passkeys) to protect their applications and customers from abuse.
Mikaël Barbero
Head of Security
The Eclipse Foundation
What steps need to be taken to mitigate the ever-evolving risk represented by open source software supply chains? What is the government’s role in this process? What level of investment will be required by the global open source ecosystem including projects, foundations, and organizations to make significant progress?
This presentation will provide an overview of the issues facing the global economy in securing open source software, the challenges facing developer teams interested in deploying open source software safely, best practices on how developer teams can contribute to the global effort to secure the software supply chain, and, perhaps most importantly, what long-term processes need to be implemented to bring this issue under control.
David A. Wheeler
Director of Open Source Supply Chain Security
The Linux Foundation
Organizations often try to configure insecure software into secure software or repeatedly apply yet another patch for the same kind of vulnerability as the last ones. There's a better way. This talk will provide a summary of how developers can develop far more secure software - what you *should* have been told in school, but weren’t. We'll discuss secure design principles, common vulnerabilities and how to prevent them, and verification techniques to detect vulnerabilities before the software is shipped. We'll also discuss various free tools to help you, focusing on what's available from the Open Source Security Foundation (OpenSSF) such as guides, OpenSSF Scorecard, and the OpenSSF Best Practices badge.
Karl Altern
Principal Data Governance Program Manager
Domo
The allure of Generative AI is undeniable, yet so are its risks when it encounters enterprise-sensitive data. Dive deep with Karl Altern, an authority in data governance, as he unveils the hidden dangers, demonstrates how to shield vital information, and sets forth best practices in Generative AI data security.
Aaron Lord
Senior Director Analyst
Gartner
DevSecOps is the integration and automation of security and compliance testing into agile IT and DevOps development pipelines, as seamlessly and transparently as possible, without reducing the agility or speed of developers or requiring them to leave their development toolchain. Ideally, offerings provide security visibility and protection at runtime as well.
This presentation will answer the following questions:
1) What is DevSecOps?
2) What are the top barriers in achieving good security outcomes?
3) How do we ensure effective security integration into DevOps?