New York City this year played host to AppSec USA, the premier security conference hosted by the Open Web Application Security Project (OWASP), an open-source, not-for-profit application security organization. In the heart of NYC, the Marriott Marquis is located among all the lights and glamour that is Times Square.
The first two days of the conference opened with an array of training classes, covering topics from mobile application security to running an application security program leveraging open-source tools. One of the highlights of the training schedule was definitely the “Web Application Defender’s Cookbook: Live”. Many resources are spent on the ethical hacking of web applications, and there is no shortage of classes, blogs, webinars and training material to assist with it; however, there are far fewer resources for the defenders. The class was based on the book “Web Application Defender’s Cookbook: Battling Hackers and Protecting Users” by Ryan Barnett, and Mr. Barnett also conducted the class.
Days three and four of the conference were packed with presentations, open-mic sessions and panels. An amazing amount of content was worked into this 48-hour schedule. Industry thought leaders and practitioners alike shared their experiences, knowledge and projections. I personally enjoyed and have to tip my hat to Kenneth Lee on his presentation “Build but don’t break: Lessons in Implementing HTTP Security Headers” (http://appsecusa.org/2013/wp-content/uploads/2013/12/Security-Headers.pdf). One of the most insightful hands-on looks at applied application security, Kenneth’s presentation was filled with practical and tried methods for securing a web application in an agile, hostile (retail web apps have large bull's-eyes on their backs) environment. A nod to his team at Etsy as well.
Not to be four days of only learning and seriousness, AppSec also held a number of fun-filled events. There was AppSec Jeopardy, a CTF, a Lock Picking Village, networking cocktails and our very own AppSec comedian, the AppSec Boart if you will. All in all, the event was a huge success and one not to be missed. The local NYC-NJ chapter, led by Tom Brennan, have outdone themselves this year. I would be remiss in not mentioning all of the hard work by the selfless volunteers that made the conference a success. Led by Sarah Baso, the entire volunteer team deserves a very honorable mention.
About the Author:
Gabriel Gumbs | Managing Director at WhiteHat Security | @GabrielGumbs
As Managing Director, Solutions Architecture at WhiteHat Security, Gabriel drives the evolution of enterprise clients' businesses, organizational and internal program development. An accomplished security professional and IT Manager with 14 years of experience spanning multiple disciplines, Gabriel currently focuses his efforts in the world of Application Security.