[tl;dr sec] #20 - What I Learned Watching All 44 AppSec Cali 2019 Talks
tl;dr sec is a newsletter about AppSec and scaling security, automated bug finding, conference talk and paper summaries, and useful links from around the web. You can subscribe here and see past issues here.
Hey there,
OWASP AppSec California is one of my favorite security conferences: the talks are great, attendees are friendly, and it takes place right next to the beach in Santa Monica. Not too shabby.
One problem I always have, though, is that there are some great talks on the schedule that I end up missing.
So this year I decided to go back and watch all 44 talks from last year's con, AppSec Cali 2019, and write a detailed summary of their key points.
If I had realized how much time and effort this was going to be at the beginning I probably wouldn't have done it, but by the time I realized that this endeavor would take hundreds of hours, I was already too deep into it to quit.
Read the post here
Post Structure
The post starts off with some high level stats, then an overview of the talks (a few line summary per talk), and then a series of detailed summaries, grouped by talk category.
Stats
I discuss them more in the post itself, but here are some charts to whet your appetite, as who doesn't like stats?
Talk Topics
The talks spanned a variety of topics; here are just a few examples:
Areas you'd expect, like threat modeling, web security, containers and Kubernetes security
How to be an effective first security hire at a startup
How to build a strong AppSec program
How to scale security with automation, tooling, and partnerships with developers
How to build a positive security culture and make security training fun and engaging
Netflix's cloud security defense in depth strategy and how they protect AWS creds
How Dropbox protects heterogeneous internal web apps
How Slack vets Slack Bots and how Salesforce secures the AppExchange
How Salesforce protects user accounts via browser fingerprints and how Pinterest protects accounts whose passwords have leaked in third-party breaches
Lessons learned running a cyber warfare exercise with UN diplomats
Check it Out
Read the
If you'd like to get a quick skim of the contents + some of the key slides/figures, check out my Twitter thread, which describes each talk in 1 tweet each:
I watched all 44 @owasp @AppSecCali 2019 talks (~32 hours of video) and wrote detailed summaries for you.
Learn about #DevSecOps, scaling security, threat modeling, building a security program, & more.
tldrsec.com/blog/appsec-ca…
Clint Gibler (@clintgibler), 4:20 PM, Jan 16, 2020
If you find the post useful, any likes, RTs, shares, etc. would be much appreciated.
Let's Chat
What talk did you like most? Was this a useful format to provide summaries in? What would be more useful?
I'd be happy to chat on Twitter, on Reddit, or elsewhere.
Thanks for reading!
Cheers,
Clint