Securing Your Software Supply Chain One Open Source Project at a Time

Presented by: Lori Lorusso

Delivering software fast is one piece of the CI/CD puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise with security exploits directly targeting open source projects, central repositories, and software package...

Tags: Security, DevOps, CI/CD | Format: General Session | Level: Introductory and overview

Building Relationships for Better Security

Presented by: Darylynn Ross

It's 2024 and software engineering teams and security teams are still struggling to figure out how we can all just get along. Engineering teams are commonly frustrated and annoyed at all the extraneous stuff security wants them to do. And security teams are commonly frustrated with the lack of...

Tags: Security, Soft Skills, Leadership | Format: General Session | Level: Introductory and overview

What Does Security Look Like When Building AI?

Presented by: Robert Herbig

Anyone who is working with AI or considering doing so should care about security. When considering building an AI-powered system or product, the traditional attack surfaces and mitigations still apply. However, new attack surfaces can be present depending on the specific AI approaches used. In...

Tags: Programming Principles, Security, Machine Learning | Format: General Session | Level: Introductory and overview

Writing Secure APIs - A Look at the OWASP 2023 API Top 10 List

Presented by: Darylynn Ross

OWASP published a new API top 10 list in July of 2023. There are some old favorites hanging around (I'm looking at you, Authentication) and some newcomers like Server Side Request Forgery and Unrestricted Access to Sensitive Business Flows. This session will cover the new top 10 list and take a...

Tags: Programming Principles, Security, Code Quality | Format: General Session | Level: Introductory and overview

Practical Auth(entication|orization) for Developers

Presented by: Seth Petry-Johnson

It's never been easier to launch a website or expose services over HTTP. It's also never been easier to make rookie mistakes in the authentication of those services. ...

Tags: Programming Principles, Security | Format: General Session | Level: Introductory and overview

Developing kids in tech - a retrospective

Presented by: Bill Sempf

Your humble speaker has spent the last eighteen years devising, researching, and implementing ways to get kids into tech. Between Scouting, advising friends, KidzMash, and my own Thing 1 and Thing 2, I have accumulated a rather dramatic list of ideas that do and do not work. Programming, social...

Tags: Python, Security, Leadership | Format: General Session | Level: Introductory and overview