tl;dr sec is a newsletter about AppSec and scaling security, automated bug finding, conference talk and paper summaries, and useful links from around the web. You can subscribe here and see past issues here.
Hey there,

OWASP AppSec California is one of my favorite security conferences: the talks are great, attendees are friendly, and it takes place right next to the beach in Santa Monica. Not too shabby 😎

One problem I always have, though, is that there are some great talks on the schedule that I end up missing.

So this year I decided to go back and watch all 44 talks from last year’s con, AppSec Cali 2019, and write a detailed summary of their key points.

If I had realized how much time and effort this was going to be at the beginning I probably wouldn’t have done it, but by the time I realized that this endeavor would take hundreds of hours, I was already too deep into it to quit 😅

 

👉 Read the post here



Post Structure


The post starts off with some high-level stats, then an overview of the talks (a few-line summary per talk), and then a series of detailed summaries, grouped by talk category.



Stats


I discuss them more in the post itself, but here are some charts to whet your appetite, as who doesn't like stats?
 


 

📚 Talk Topics


The talks spanned a variety of topics. Here are just a few examples:
  • Areas you'd expect, like threat modeling, web security, containers and Kubernetes security
  • How to be an effective first security hire at a startup
  • How to build a strong AppSec program
  • How to scale security with automation, tooling, and partnerships with developers
  • How to build a positive security culture and make security training fun and engaging
  • Netflix's cloud security defense in depth strategy and how they protect AWS creds
  • How Dropbox protects heterogeneous internal web apps
  • How Slack vets Slack Bots and how Salesforce secures the AppExchange
  • How Salesforce protects user accounts via browser fingerprints and how Pinterest protects accounts whose passwords have leaked in third-party breaches
  • Lessons learned running a cyber warfare exercise with UN diplomats
 


🚀 Check it Out


Read the full post on the blog here 👈

If you'd like a quick skim of the contents plus some of the key slides/figures, check out my tweetstorm here, which describes each talk in one tweet.

If you find the post useful, any likes, RTs, shares, etc. would be much appreciated 🙏



🗨️ Let's Chat


What talk did you like most? Was this a useful format to provide summaries in? What would be more useful?

I'd be happy to chat on Twitter, LinkedIn, on Reddit, or on Hacker News:
 

Thanks for reading!

Cheers,
Clint

@clintgibler
Copyright © 2020 Practical Program Analysis, LLC, All rights reserved.
