Recommended Conference Talks
How Leading Companies are Scaling Their Security
A collection of practical, actionable security automation pro-tips, based on an extensive survey of existing DevSecOps research combined with in-person conversations with AppSec engineers at companies with mature security programs.
Lessons Learned from the DevSecOps Trenches
Clint moderated a panel of AppSec professionals experienced in security automation, who discussed their lessons learned, best practices, mistakes they’ve made, and more. Panel members included senior security leaders from Dropbox, Netflix, Datadog, DocuSign, and Snap.
DevSecOps State of the Union
Summarizes and distills the unique tips and tricks, lessons learned, and tools discussed in a vast number of blog posts and conference talks over the past few years, and combines them with knowledge gained from in-person discussions with AppSec engineers at a number of companies with mature security teams. This talk references 40 other excellent talks in 30 minutes.
Automated Bug Finding in Practice
A nice introduction and overview of automated bug finding techniques, covering the strengths, weaknesses, and best use cases of several approaches. We discuss static and dynamic taint analysis, symbolic execution, fuzzing, and combining symbolic execution with fuzzing.
Clint is a co-founder of Practical Program Analysis, LLC.
By day, Clint is a Technical Director at NCC Group, a global information assurance specialist providing organizations with security consulting services. He’s helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups.
Clint has previously spoken at conferences including BlackHat USA, AppSec USA, and AppSec EU. Clint holds a Ph.D. in Computer Science from the University of California, Davis.
Daniel is a co-founder of Practical Program Analysis, LLC. By day, Daniel is an Assistant Professor of Computer Science at Southern Oregon University. His research interests are in program analysis, security, and machine learning on code. He has built automated tools that have found bugs in the Linux kernel and OpenSSL.
Daniel holds a Ph.D. in Computer Science from the University of California, Davis.
We believe that security professionals have a moral obligation to build systems that are safe by default, respect privacy by default, and cannot be used for surveillance or censorship.
We share our research publicly, because that’s the best way for the industry to move forward. Together.
We believe that security tools can be fast, intuitive to use, and make intelligent security professionals vastly more productive.
We believe that security tools should be accessible to a broad audience, not prohibitively expensive, and should be designed with extensibility and customizability in mind.
Finally, we find joy in understanding the core of how and why things work, prototyping wacky tool ideas simply because we can, and doing our best to leave a positive mark on the world.
Keep in Touch
We write about:
- Application security, scaling security and DevSecOps.
- Automated bug finding (static and dynamic analysis, fuzzing, etc.).
- Summaries of current security research, from industry and academic conferences.
- Evaluating open source and commercial security tools: tips and tricks on using them, how they work, and potential gotchas.
- How to build your own custom security tools.