Vickie Li for ShiftLeft

AppSec Conference: Shifting Left 2.0

Sessions to watch for developers and hackers

Here at ShiftLeft, we are gearing up for Shifting Left 2.0, a two-day application security conference for developers and security practitioners on June 22–23, 2021. It has something security-related for everyone: dev team leaders, application security folks, and the developers who are ready to become security champions.

Here are a few sessions I am most excited about and what you should attend if you are a developer or a hacker. The conference is split into two days: June 22nd and June 23rd. All session times are in PDT. Now let’s get into it!

A Fireside Chat — How to Measure the Success of Your AppSec Program (June 22nd 1:05 PM — 2:05 PM)

With Arun Balakrishnan of ShiftLeft, Paolo del Mundo of The Motley Fool, Andra Lezza of Bulb, and Jimmy Xu of Trace 3.

Modern DevOps practices have changed the requirements of today’s AppSec programs. During this discussion, the panelists will exchange methods for measuring the success of their AppSec programs and the steps they’ve taken to improve them.

Intro to Code Analysis (June 23rd 10:10 AM — 10:40 AM)

With Vickie Li of ShiftLeft and Suchakra Sharma of ShiftLeft.

Writing code is hard. Writing secure code is even harder. Serious security vulnerabilities often stem from small programming mistakes. As developers, we can safeguard our applications by catching these mistakes in our own code. Performing a source code review is one of the best ways to find security issues in code. But how do you do it? In this talk, Suchakra and I will go through the basics of how to review your code for vulnerabilities and some tactics for performing an effective security code review on your application.

Beating the OWASP Benchmark (June 23rd 12:00 PM — 12:30 PM)

With Suchakra Sharma of ShiftLeft and Preetam Jinka of ShiftLeft.

The OWASP Benchmark project is an OWASP initiative designed to measure the accuracy of security scanners. But how does it work? In this talk, Preetam and Suchakra test ShiftLeft’s SAST tool against the OWASP Benchmark and discuss what the benchmark score of a product means, and how you should evaluate a security scanner.

What Is Lurking in Your Source Code? (June 23rd 12:35 PM — 1:05 PM)

With Bruce Rosenthal of Exelon and Kit Wetzler of ShiftLeft.

Join this discussion between Bruce Rosenthal, Principal IT Security Architect at Exelon, and Kit Wetzler, VP of Sales at ShiftLeft. Bruce and Kit will discuss the implications of the recent supply chain attacks and what they mean for organizations around the world. They will also explore other issues of concern to security teams, such as insider attacks, and what those teams can do for mitigation.

Why Every Member of Your Development Team Should Be a Security Expert (and How to Get There) (June 23rd 1:05 PM — 1:35 PM)

With Malcolm McDonald of Hacksplaining.

Lastly, I trust that I am not the only one when I say I am a big fan of the Hacksplaining website. In this talk, the creator of Hacksplaining, Malcolm McDonald, will speak about the pitfalls of researching security issues on the internet, and show how focused security training can make all the difference. We will also be giving away copies of Malcolm’s book: Web Security for Developers throughout the conference.

Shifting Left 2.0 is entirely online and free to register here. See you there!
