"Discover the best
Security Testing Strategies
from the World’s Top Experts!"

Round Secure Guild Logo

Don't miss it! Oct 10-20 2020. Here is why:

Why Security Testing is More Important Now Than Ever

The average cost of a corporate data breach in 2020 is $3.86 million. Information Security will grow by 32% in the next few years, much faster than the average for all occupations. Secure Guild will show you how to save your company millions and increase your earning potential. Learn to be the hero of your team. Register now!

Join for only $197 - Register Now!
  • TOP EXPERTS SHARING ACTIONABLE ADVICE

    Image(item.icon).alt
  • LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE

    Image(item.icon).alt
  • awesome COMMUNITY & Support before, during and after event

    Image(item.icon).alt
  • Great Value for Super Low Price

    Image(item.icon).alt
  • TESTER FOCUSED EVENT

    Image(item.icon).alt

Speakers 2020

  • Tanya Janca

    Tanya Janca

  • Royce Davis

    Royce Davis

  • Harinee Muralinath

    Harinee Muralinath

  • Cindy Blake

    Cindy Blake

  • Jahmel Harris

    Jahmel Harris

  • Dale Meredith

    Dale Meredith

  • Harjit Sandhu

    Harjit Sandhu

  • Jimmy Rabon

    Jimmy Rabon

  • Cassie Crossley

    Cassie Crossley

  • Dr. Arash Rahnama

    Dr. Arash Rahnama

  • Arthur Hicken

    Arthur Hicken

  • Hasan Yasar

    Hasan Yasar

  • Mike Spanbauer

    Mike Spanbauer

  • Kiran Kamity

    Kiran Kamity

  • Mike Larkin

    Mike Larkin

Schedule 2020 (All times are in the Eastern Time Zone)

*Speakers and Time Subject to change

Oct 19 - 20

  • 10:00 am - 10:50 pm

    Vulnerable Dependencies - The Toxic Relation

    Harinee Muralinath

    Every code inevitably depends on libraries and other components. They, in turn, have transitive dependencies. Have you wondered, apart from the features, what more do you inherit? What if those libraries are vulnerable? What if they silently inject ways for attackers to misuse your code? How would you ever know if you use vulnerable dependencies? It's not even in your hands! ...Or is it?

  • 11:00 am - 11:50 pm

    How to shift security testing left

    Arthur Hicken

    Most security efforts today rely on late-cycle reactive techniques such as penetration testing. Late testing means that we often find things after than can easily be fixed and is by its nature always trailing behind the newest efforts of the adversaries. Such actions are a necessary part of a secure software lifecycle but have shown that they aren’t up to the task of creating systems that are “Secure-by-design.” To achieve maximum security, we must shift security efforts left and perform them earlier in the software lifecycle. We’ll explore the various techniques like DAST to begin security testing earlier in the cycle, decouple it from physical constraints, and how to move even further left by preventing the code that is vulnerable to attacks in the first place with static analysis based on secure software engineering standards.

  • 12:30 pm - 1:20 pm

    Creating Your Own Hacking Lab

    Dale Meredith

    As a cybersecurity professional, it’s important that you establish a “laboratory” for you to practice your skills and test new vulnerabilities. As with any skill, before you do anything in the real world you need to practice, practice, and then practice some more. The time to learn a new tool or “try something out” isn’t on a live network or an engagement. In this session Dale will present you with different ways to create an environment that you can use to enhance your learning while wearing your “hacker hoodie” (sold separately ;-) ) and keeping your production network safe from harm.

  • 1:30 pm - 2:20 pm

    Using Pre-Production Observability in QA & DevSecOps to Ship Secure Applications

    Kiran Kamity & Mike Larkin

    Security and compliance issues identified after code has been pushed to production are common. Why aren’t these issues caught during pre-production testing or staging? Static code scanning is by no means sufficient. DAST tools haven't changed for 15 years. Observability is the solution. In this session, we will discuss why runtime visibility into your app's security behavior is key, and how to provide seamless ingrained security observability during pre-production testing and DevSecOps using DeepFactor. You’ll leave our discussion armed with the knowledge to immediately leverage pre-production observability with clear, actionable insights to help your dev team consistently deploy secure apps with confidence.

  • 2:30 pm - 3:20 pm

    Intro to AppSec

    Tanya Janca

    In this session, Tanya Janca will teach you the foundations of application security, which is basically how do you ensure you're creating secure software? This is not going to be a super-duper duper advance talk if you know nothing about it -- that's OK. If you already know some stuff about it, Tanya might teach you a couple of new things. Come find out why AppSec is Tanya's complete and total obsession and how it can help you and your team's security efforts.

  • 3:30 pm - 4:20 pm

    Do You Know How to Prioritize Your Open Source Findings?

    Jimmy Rabon

    Listen in and learn how we co-developed “susceptibility analysis”, which allows developers and application security engineers to understand whether a publicly disclosed vulnerability has actually been invoked in your customer code, and more importantly, whether attacker-controlled input reaches that function. No magic, no empty promises, just good research from Sonatype to the patching function and deep dive static analysis from Fortify.

  • 4:30 pm - 5:20 pm

    Integrated Software Bill of Materials (SBoM) into DevSecOps

    Cassie Crossley

    Discover what is Software Bill of Materials (SBoM) and why it's so important as part of your security testing plans.

  • 10:00 am - 10:50 pm

    Learn how to threat model using an interactive board game

    Harjit Sandhu

    The technique of threat modeling is often intimidating to engineers with little or no security experience. Using the open-source board game, I've developed technical and non-technical individuals to explore the concepts of threat modeling without worrying about the detail behind learning the techniques. Players learn about the hacker mindset, gain an understanding of value, and begin to dig into defense in depth using the risk control residual risk methodology. All this before even knowing what threat modeling is. The session ends by looping back over leanings and equating them to the various threat modeling competencies.

  • 11:00 am - 11:50 pm

    Bringing Fuzz Testing to the Mainstream

    Cindy Blake

    Fuzz testing is useful for finding flaws that other security and quality testing methods cannot. But it's been challenging to use. See how GitLab is integrating this powerful technology as an automated byproduct of your CI pipeline.

  • 12:30 pm - 1:20 pm

    How to build DevSecOps Pipeline as Code!

    Hasan Yasar

    You've heard the hype and read dozens of blog posts on DevSecOps. Finally, your organization has decided to make this cultural shift to take advantage of automation and the benefits of DevOps. However, making this shift as an engineering team can often be cumbersome because many tech professionals are still unfamiliar with the technologies required to implement a complete DevOps pipeline, let alone one that includes security automation as well. In this talk, I will introduce Microcosm, a miniature, secure DevOps pipeline we developed at the SEI available through infrastructure as code. Microcosm represents a miniature version of a secure DevOps pipeline compared to what you find in a large, enterprise environment. In this talk, I will go through crucial principles DevSecOps pipeline and share our lesson learned examples with the Security community.

  • 1:30 pm - 2:20 pm

    Security in your pocket; Android application security for beginners

    Jahmel Harris

    In this session, we'll be doing a practical example of how we can analyze Android applications for vulnerabilities and the tools that are available to help us. We'll be going beyond vulnerability scanners and looking at how we can manually test for common security issues, including one that won me a not-insignificant amount of money in bug bounties and another that let me see all the user details for an "adult" virtual reality application.

  • 2:30 pm - 3:20 pm

    Attacking AI with Adversarial Inputs and How to Defend against It!

    Dr. Arash Rahnama

    AI models are vulnerable to subtle adversarial disturbances applied to the inputs. These adversarial disturbances, though not noticeable to the human eye, can easily mislead the AI. In this talk, we cover this phenomenon and briefly describe Modzy’s unique solution for defending against adversarial attacks.

  • 3:30 pm - 4:20 pm

    Teach Yourself Penetration Testing: A hands on walkthrough of the Capsulecorp-pentest environment

    Royce Davis

    A hands-on walkthrough of the Capsulecorp-pentest environment. Discover a quick way to stand up a test environment for conducting an internal network penetration test that you can practice your security testing skills against.

  • 4:30 pm - 5:20 pm

    Developing a Security Test Methodology

    Mike Spanbauer

Security Testing Awesomeness

Oct 19 - 20

Join hundreds of fellow security testing engineers at the 2nd annual SecureGuild an online conference and community dedicated 100% to helping YOU succeed with your security testing efforts. A 2 days online conference you can watch all from the comfort of your home.

Register now!

Why Guild Conferences?

  • TOP EXPERTS SHARING ACTIONABLE ADVICE

    We've brought the best speakers in the world to bring you the knowledge you need to stay ahead of the curve in testing.

  • LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE

    You need to keep learning. One of the most rewarding ways to do this is by attending conferences. Unfortunately, sometimes it's difficult to make it to a conference due to travel costs, the price of the conference ticket, or your ability to take time off. Save yourself heaps of time by not having to travel to a conference and try to be able to fit it into your busy schedule.

  • awesome COMMUNITY & Support before, during and after event

    Get the support you need before, during and after the conference in our private Guild slack channel!

  • Great Value for Super Low Price

    Not only do you get top-notch sessions but is all at a super low price. It's a no-brainer and the most cost-effective way to stay up to date with the latest in testing and automation.

  • TESTER FOCUSED EVENT

    Made by testers for testers!

100% money back guarantee

The price of this conference is a steal considering the amount of awesomeness you’ll be getting.

We guarantee that you will discover a tip, tool, technique or best practice that will help your testing efforts or your career.

If after viewing all the sessions and the live Q&A you can honestly tell me within 60-days that you received zero value from the Guild we’ll refund your money.

What other conference offers an actual guarantee?

Awesome Sponsors for 2020

Platinum

Gold

Media

Are you looking to sponsor us? Request info here

Security Testing Awesomeness

Oct 19 - 20

Join hundreds of fellow security testing engineers at the 2nd annual SecureGuild an online conference and community dedicated 100% to helping YOU succeed with your security testing efforts. A 2 days online conference you can watch all from the comfort of your home.

Register now!