Tuesday, August 27, 2024 | |||
---|---|---|---|
Introduction and Fireside Chat | Supercharging application security with AI: A Fireside Chat with Caleb Sima | Join us for an insightful fireside chat between Application Security Weekly host Mike Shema and Caleb Sima, Chair of CSA AI Security Initiative, as they delve into the transformative impact of AI on the cybersecurity landscape, with a focus on application security. As AI continues to advance, it is poised to revolutionize how we address security challenges in terms of context, coverage, and communication. This discussion will explore the fundamentals of AI, highlighting its learning processes and potential to emulate human cognition more closely over time. We’ll examine the current state of AI technologies and their imminent advancements, including enhanced context awareness, autonomous evolution, and localized intelligence. Sima will provide his expert perspective on how these AI advancements will reshape the enterprise, particularly in application security. From AI-powered vulnerability management and self-documenting code to automated security reporting and improved communication through AI-driven ChatOps, the potential benefits are vast. Don’t miss this opportunity to gain a deeper understanding of AI’s role in application security and its potential to revolutionize the way we approach cybersecurity challenges. | Mike Shema - Application Security Weekly Caleb Sima - CSA AI Security Initiative | |
Breakout Session | Unsolved Problems in Application Security | The discipline of application security has evolved tremendously since the founding of OWASP in 2001. As software development methodologies, languages and ecosystems have advanced, AppSec has often struggled to keep pace with innovation, leading to a persistent gap between the velocity of software and the ability to understand and mitigate the risk it introduces. Some foundational issues, like reliable software composition analysis (SCA), have now been largely solved by the industry. Others, such as runtime-based reachability detection, are on the cusp of providing a tremendous leap forward to AppSec practitioners. But certain thorny problems, like software attestation, risk-based prioritization, SAST accuracy, and DAST correlation, remain elusive. Join Snyk, the leader in Developer Security, for a wide-ranging discussion of the current state of application risk management and the unsolved issues that still limit the full potential of developer-focused security, including:
| Clinton Herget - Snyk | |
Panel Discussion | Application security in the news: Strategies to mitigate the growing attack surface | Join Application Security Weekly host Mike Shema for a virtual panel discussion on recent news headlines where application vulnerabilities played a role in data breach incidents. The panel will focus on what security teams need to be doing to get a better handle on application security. We’ll analyze the recent headlines that highlight key factors contributing to the growing attack surface, from the rapid proliferation of applications and services to the intricacies of cloud environments and DevOps practices. Our panelists will delve into the most prevalent vulnerabilities making news, their potential impacts, and the critical need for proactive measures. Learn how to prioritize and tackle application vulnerabilities through a comprehensive approach that includes rigorous security testing, continuous monitoring, and timely patch management. Discover the role of automation and AI in enhancing vulnerability management, and gain insights into best practices for integrating security into the development lifecycle. This panel will also discuss the importance of cross-functional collaboration between security teams, developers, and operations to ensure a unified and resilient defense strategy. By focusing on these key areas, your organization can effectively mitigate the growing attack surface and safeguard against future threats. Don’t miss this opportunity to gain actionable knowledge and expert guidance on strengthening your application security efforts. Join us to learn how to stay ahead of attackers and protect your enterprise in an increasingly complex digital landscape. | Matt Cerny - Integra Life Sciences Jessica Hoffman - City of Philadelphia Mike Shema - Application Security Weekly | |
A CISO’s Perspective on AI, Appsec, and Changing Behaviors | Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs and supporting the business. Paul Davis talks about how AI is (and isn't) changing appsec, the KPIs that reflect outcomes rather than being busy, and the importance of communication for security teams. | Paul Davis Mike Shema - Application Security Weekly | |
Breakout Session | Future-Proofing Your SDLC: Empowering Devs & Securing Apps with Snyk | Discover the seamless integration of a developer-first security platform into the modern SDLC, empowering developers to build securely from the start, while giving security teams the ability to prioritize business-critical risk with complete visibility and comprehensive controls. Now more than ever, you don't want to be left vulnerable, explore why a future-proof AppSec partner is essential in the face of emerging threats.
| Ryan Frazier - Snyk | |
Pop Quiz, Hot Shot: Are You up to Speed on API Security? | It's not quite as life-or-death as keeping a bus full of innocent civilians at a speed above 50 mph, but staying ahead of security threats is crucial to prevent catastrophic breaches that can be incredibly disruptive to today's digital ways of life. Modern application security is a high-stakes game of keeping your systems running smoothly while avoiding the bumps, disruptions and outages that can be caused by API vulnerabilities. In this fireside chat with Corey J. Ball from APISecUniversity, we'll navigate the twists and turns involved in identifying and mitigating API vulnerabilities. We'll discuss how to identify and defuse potential threats before they explode into serious incidents, equip you with the skills and techniques to maintain control under pressure and ensure your applications reach their destination safely. Buckle up, because this conversation will put you in the driver's seat of API security excellence! | Dustin Sachs - CyberRisk Alliance Corey Ball - Moss Adams |