Bryan Payne provides a clear understanding of different types of attackers, their skill sets, and how compromises happen, with a specific focus on protecting cloud-based applications.
This talk covers the classic profiler features. What is a hotspot? What is the difference between sampling and instrumentation from the profiler perspective? What are the problems with those methods?
S. Ghosemajumder reviews the evolution of AI-based security attacks that imitate the actions of real people, and looks at how they are changing the nature of developing online applications securely.
John Field and Shawn McKinney examine the security of a typical Java web application and describe 5 common application security architecture patterns taken from real-world customer problems.
Will Tran talks about the authentication and authorization scenarios that one may encounter when starting to build out microservices.
Bill Sempf discusses security in the context of the SDLC, presenting the analysis results from reviewing several code sources, the problems found and the corresponding solutions.
Josh Bregman explores some of the security challenges created by both the development workflow and application runtime, why SecDevOps 1.0 is insufficient, and how SecDevOps 2.0 can help.
Eleanor McHugh shares insights on digital privacy, encouraging others to gather the minimum information possible about their users in order to serve their needs.
Paul Moreno shows how to federate AWS IAM permissions, roles, and users with a directory service such as LDAP or Active Directory with an Identity Provider.
Rich Smith discusses the progressive approaches taken by the Etsy security team to provide security while not destroying the freedoms of the Etsy engineering culture that are loved so much.
Alex Holden examines hackers’ techniques, skills, and shortfalls. He takes a snapshot of the current threat landscape and derives practical lessons by analyzing a number of high-profile breaches.
Michael Brunton-Spall shows how DevOps-like patterns can be applied on microservices to give the development teams more responsibility for their choices, and much more.
Content provided by our sponsor:
Introducing Intel® SGX - Hardware Assisted Security for the Application Layer.
Numecent, Bromium, and wolfSSL employ Intel® Software Guard Extensions (Intel® SGX) to create more secure, next-generation solutions.
Intel Software Guard Extensions (SGX) for Dummies.
At its root, Intel® SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.
Protect Application Code, Data, & Secrets from Attack.
CPU-enhanced Application Security Product Brief.
Learn more about the Intel SGX SDK, a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel SGX enabled applications in C/C++.