It’s 2018, and we are haunted by the same vulnerabilities from more than a decade ago.  

Organizations of all sizes still struggle with very common vulnerabilities like command injection, XSS, and insecure direct object reference … despite an abundance of code scanners on the market. The OWASP Top 10 is quickly becoming irrelevant because it has barely changed in the last several years.

This is one of the most pressing issues for CISOs, and there is no definitive solution. AppSec isn’t a product you can buy; it isn’t even a state that you can achieve. There is no how-to guide for application security.

But there are some qualities shared by successful AppSec programs. This talk will provide security managers and directors who struggle with application security a better understanding of those common elements and answer some questions, such as:

  • What are some of the critical functions of an AppSec program?
  • Will that work in my <insert buzzword SDLC here> environment?
  • Okay, so where do I start?

Senior Security Associate Joe Ward will present Anatomy of an AppSec Program; OR How to Stop Deploying Shoddy Code to Production Systems at 11:00 AM on September 29, 2018.

Register for CactusCon today (it's free for a paper badge and access to talks/workshops) and/or consider volunteering.

CactusCon is the largest annual hacker and security conference in Arizona, and this year it is expected to attract 800+ attendees from throughout the entire country. This year's conference will feature talks on topics such as red teaming, cryptomining, AWS, and training, just to name a few. Workshops will feature web hacking, cryptography, PowerShell scripts, and more. CactusCon Kids is a separate area with learning activities for ages 8-17.

You can read more about Joe Ward and his start in the cybersecurity world in our My Path to Security blog series.