We are less than a week away from one of the best Application Security conferences of the year, Global AppSec by the OWASP Foundation, which will take place at the Marriott Wardman Park Hotel in Washington DC on September 9-13. With five full days of activities taking place this year, it’s easy to get overwhelmed on where to spend your time. To make things easier for you, I have put together the “5 Must Do Activities at Global AppSec” list to be sure you get the most out of your conference.
#1 - Attend the SSO Wars: The Token Menace session
It is the year 2019. Humanity has almost won its long-standing war against Single-Sign On (SSO) bugs. The last of them were discovered and eradicated some time ago and the world is now living in an era of prosperity while the Auth Federation enjoys peaceful CVE-free times. However, while things seem to be running smoothly, new bugs are brewing at the core of major implementation libraries. This is probably the last chance for the evil empire to launch a world scale attack against the Auth Federation.
Join Micro Focus experts, Alvaro Munoz and Oleksandr Mirosh, from the Software Security Research team and see how they’re winning the war against Single-Sign ON (SSO) bugs! This session takes place on Friday, Sept 13 at 10:30 AM.
#2 – Network
If there are networking events, join them. If there are groups of people sitting around talking, join them. Connect with people. These are your peers. People in the same industry as you, facing the same problems as you. I have never met a single person at a conference that wasn’t happy to exchange information with me and there are quite a few people in which I regularly keep up. Plus, it’s always fun showing up at a conference knowing who might be there and making plans with them. Great things come from networking.
#3 – Visit the Expo Hall
Many people feel like expo halls are just for companies trying to sell you stuff. While this can be true in some cases, it’s also an amazing time to speak to some of the experts behind the leading software you either use or are looking to use. Ask questions, ask for demos, share your problems. These are fantastic opportunities for you to have the full attention of some really smart people. But, if you are only going to visit one booth during the entire show, make sure it’s the Fortify Booth at S2!
Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to cover the entire software development lifecycle.
#4 – Attend the “Building an AppSec Program with OWASP” session
I’ve had the pleasure of seeing this presentation before and it is fantastic, so don’t miss it. Here is some of the session description and how to learn more about it.
Explore the OWASP universe and how to build an application security program with a budget of $0. Experience a practitioner's guide for how to take the most famous OWASP projects and meld them together into a working program. Projects are broken down into awareness/process/tools, with an explanation of the human resources required to make this successful.
#5 – Register for Capture The Flag
How can you make an awesome conference even more fun? By participating in OWASP’s Capture the Flag game. Here are some details for you!
Want to test your skills in identifying web app vulnerabilities? Join OWASP and Security Innovation as attendees compete in CMD+CTRL, a web application cyber range where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defense is all about thinking on your feet.
For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard for a chance to win fantastic prizes! CMD+CTRL is ideal for development teams to train and develop skills, but anyone involved in keeping your organization’s data secure can play - from developers to managers and even CISOs.
Stop by and talk to our experts, too!
There you have it! Five very simple things you can do while attending the Global AppSec conference this year to get the most out of the event.
So if you are coming to DC for the conference portion on Sept 12-13, be sure to visit Micro Focus Booth S2 and talk to our experts and learn about Micro Focus Fortify, our end to end application security solution that can help you start testing your apps in a single day
While at our booth, don’t miss your chance to register to win a set of Apple AirPods (Reason #5A - can’t forget about the SWAG!).