Discover Actionable Security Testing 15+ Experts Reveal Their Top Security Testing Secrets.
Why as a tester you need to know about security
Get Instant Access
Get all the recordings for the 1st annual SecureGuild an online conference and community dedicated 100% to helping YOU succeed with your security testing efforts that took place May 20-21 2019.
Join for only $197 - Register Now!-
TOP EXPERTS SHARING ACTIONABLE ADVICE
-
LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE
-
awesome COMMUNITY & Support before, during and after event
-
Great Value for Super Low Price
-
TESTER FOCUSED EVENT
Speakers
-
Franziska Buehler
-
Jahmel Harris
-
Jimmy Rabon
-
Adhiran Thirmal
-
Dwayne Thomas
-
Dr. Jared DeMott
-
Dan Billing
-
Dawid Bałut
-
Hasan Yasar
-
Arthur Hicken
-
Vandana Verma
-
Morgan Roman
-
Altaz Valani
- 10:00 am-10:50 am(EDT)
Test your WAF and make it your friend!
Franziska BuehlerVery often, people are afraid of web application firewalls (WAF) because they can potentially block an application's legitimate traffic. This can lead to problems in the production, which, admittedly, are really annoying! However, WAFs are a very useful additional layer of defense when it comes to defending attacks, such as those described by the "OWASP Top Ten".
- 11:00 am-11:50 am(EDT)
Hacker Tools for Developers and Testers. (Adding security tests into the pipeline)
Jahmel HarrisThere are so many awesome hacker tools for hackers out there - things like nmap, nessus and even zap proxy. They work great if you're a pen tester but trying to use these tools in a way that makes sense for development and testing teams can be challenging. In this session, we'll look at how we can use Frida, a tool used by pen testers, to add in security test cases into our Android applications so they are run as part of the CI/CD pipeline.
- 12:30 pm-1:20 pm(EDT)
Do your Pipelines remember? They must if you want to go fast with static analysis
Jimmy RabonAll static analysis tools produce false positives and often require developer context to determine exploitability of a security risk. Automating a static scan is usually straightforward but building automation workflows around SAST findings require that your Pipelines become smarter over time. Optimizing the data provided by SAST tools is an often overlooked aspect to integrating SAST tooling into the CI / CD pipeline but it is required to be successful. Come learn best practices for successful SAST integration and about how machine learning can help us predict the future, based on our past.
- 1:30 pm-2:20 pm(EDT)
How to win over that elusive Developer
Adhiran Thirmaliscover the key to implementing a successful application security testing program is having buy-in from your developers, DevOps and architects.
- 2:30 pm-3:20 pm(EDT)
Switching from QE to Product Security
Dwayne ThomasSwitching Software development team membership to cyber security in less time than it takes for a baby to start blinking. How might one enter the most in-demand field in less time than it takes for a baby to start blinking AKA the third trimester of pregnancy? The trick, of course, is that a little extra time between jobs didn't hurt for interviewing. This presentation only hints at recommendations and is not prescriptive. It willingly suggests that other parts of life keep happening. Other smoke and mirrors are revealed in this talk but... quality time advocating high priority fixes, plowing bug bounty programs, presenting security topics for Toastmasters, searching job sites, informational interviews, meet-ups, and obtaining a CISSP certificate all helped for a just in a time career change.
- 3:30 pm-4:10 pm(EDT)
Roundtable
Dr. Jared DeMott, Dan Billing, Dawid BałutAsk Us Anything About Security
- 10:00 am-10:50 am(EDT)
Challenges in implementing and sustaining DevSecOps environment
Hasan YasarHow to define DevSecOps is a highly-contested topic. Despite what some will lead you to believe, DevOps is not just a set of tools. Nor is it merely a focus on achieving continuous integration, continuous delivery, or continuous deployment. Business values drive DevOps development. Without a DevSecOps mindset, organizations often find their operations, development, and security testing teams working toward a short-sighted incentive while creating their infrastructures, test suites, or product increments. In this talk I will explain DevSecOps, the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.
- 11:00 am-11:50 am(EDT)
Understanding the Most Common Secure Coding Standards in Use Today
Arthur HickenIn this session, Arthur will explain the common secure coding standards in use today.
- 12:30 pm-1:20 pm(EDT)
Cloud Security and the Myths around it
Vandana Verma - 1:30 pm-2:20 pm(EDT)
Integrated Security Testing
Morgan RomanHaving a dedicated suite of continuously run security tests seems out of reach for all but the most mature security programs. Scanners only scratch the surface of your application. Many companies already have integration tests that snake their way deep into their web application, covering nearly every workflow. In this talk, we will use a minimal amount of work to transform these integration tests into a suite of security tests. We will repurpose Selenium integration tests into security tests to search for common web application flaws such as XSS and SQLi with more context than a scanner. These security tests will traverse the web application the same way a real user would. This session is ideal for testers and developers interested in making security testing part of their continuous integration pipeline.
- 2:30 pm-3:20 pm(EDT)
Threat Modeling @ Scale: Moving From the DevOps Pipeline to the Risk Driven Enterprise
Altaz ValaniTraditional Threat Modeling focuses on the determination of security risk in an application. Today, this view is too narrow and does not deliver continual risk-oriented views of an enterprise application portfolio. Instead, we need an automated vertical pipeline (a policy to execution pipeline) that addresses risk by taking policies as the input and delivering DevOps operating procedures as the output.
- 3:30 pm-4:20 pm(EDT)
Successful DevSecOps Evolution
Dawid BałutAlthough most companies are somewhere in the middle and it's hard to really determine the factors that allow them to manage their security operations, there is a lot we can learn by studying the stories of companies that thrive on DevSecOps and those that really struggle to make it work. In my experience, the biggest reason for companies failing to succeed with DevSecOps is that instead of embracing it, they engage in the project with deep resistance because they know they haven't really done their homework and aren't prepared enough to comprehend the big picture perspective.
GET INSTANT ACCESS NOW
Missed the 2019 event? No worries! Get instant access to all the recordings of the 2019 Secure Guild conference that took place on May 20 - 21.
ACCESS NOW - Just $197Why Guild Conferences?
-
TOP EXPERTS SHARING ACTIONABLE ADVICE
We've brought the best speakers in the world to bring you the knowledge you need to stay ahead of the curve in testing.
-
LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE
You need to keep learning. One of the most rewarding ways to do this is by attending conferences. Unfortunately, sometimes it's difficult to make it to a conference due to travel costs, the price of the conference ticket, or your ability to take time off. Save yourself heaps of time by not having to travel to a conference and try to be able to fit it into your busy schedule.
-
awesome COMMUNITY & Support before, during and after event
Get the support you need before, during and after the conference in our private Guild slack channel!
-
Great Value for Super Low Price
Not only do you get top-notch sessions but is all at a super low price. It's a no-brainer and the most cost-effective way to stay up to date with the latest in testing and automation.
-
TESTER FOCUSED EVENT
Made by testers for testers!
100% money back guarantee
The price of this conference is a steal considering the amount of awesomeness you’ll be getting.
We guarantee that you will discover a tip, tool, technique or best practice that will help your testing efforts or your career.
If after viewing all the sessions and the live Q&A you can honestly tell me within 60-days that you received zero value from the Guild we’ll refund your money.
What other conference offers an actual guarantee?
Platinum
Gold
Silver
GET INSTANT ACCESS NOW
Missed the 2019 event? No worries! Get instant access to all the recordings of the 2019 Secure Guild conference that took place on May 20 - 21.
ACCESS NOW - Just $197