Bill Sempf discusses security in the context of the SDLC, presenting the analysis results from reviewing several code sources, the problems found and the corresponding solutions.
Josh Bregman explores some of the security challenges created by both the development workflow and application runtime, why SecDevOps 1.0 is insufficient, and how SecDevOps 2.0 can help.
Eleanor McHugh shares insights on digital privacy, encouraging others to gather the minimum information possible about their users in order to serve their needs.
Paul Moreno shows how to federate AWS IAM permissions, roles, and users with a directory service such as LDAP or Active Directory with an Identity Provider.
Rich Smith discusses the progressive approaches taken by the Etsy security team to provide security while not destroying the freedoms of the Etsy engineering culture that are loved so much.
Alex Holden examines hackers’ techniques, skills, and shortfalls. He takes a snapshot of the current threat landscape and derives practical lessons by analyzing a number of high profile breaches.
Michael Brunton-Spall shows how DevOps-like patterns can be applied on microservices to give the development teams more responsibility for their choices, and much more.
Anil Madhavapeddy describes how to design and build "deploy-and-forget" cloud services that are specialized into unikernels, single-address space virtual machines.
Paul Glavich discusses design decisions to be made when building a new API regarding versioning, hypermedia usage, authentication and other aspects.
Mini-talks: The Machine Intelligence Landscape: A Venture Capital Perspective. The future of global, trustless transactions on the largest graph: blockchain. Algorithms for Anti-Money Laundering
Troy Hunt explain how to discover the vulnerabilities of one’s own APIs, identifying common security anti-patterns.
Paul Fremantle explores the challenges of security for IoT, including reviewing some existing attacks and predicting others, hardware, software, network and cloud attacks.