DevOps & Security

Wednesday, November 17, 2021

- CST
OPEN TALK: Developer-First DAST: The Missing Tool in Your AppSec Toolkit
Oliver Moradov
NeuraLegion, VP

To truly scale application security testing, developers need to maintain their role in the security process beyond SCA and SAST, continuing the automation you are already achieving and relying less on manual testing.

Traditional DAST scanners are a blocker to this automation. They are hard to use, impossible to integrate, not developer friendly and produce too many false positives. This results in crippling human bottlenecks that stifle CI/CD, whether it's the need for security to constantly tweak scanners or the drain of manually validating vulnerabilities.

Either way, technical and security debt is compounded, resulting in insecure product hitting production. Change is needed, and fast.

In this session you will discover:

1. Key features that your dev-first DAST needs to enable developers to take ownership of security

2. How you can detect, prioritise and remediate security issues early, automated in the pipeline

3. Insights into reducing the noise of false alerts to remove your manual bottlenecks to shift left

4. Steps you can take to achieve security testing automation as part of your CI/CD, to test your applications and APIs.

- CST
What I Wish I Knew about Security When I Started Programming
Allon Mureinik
Synopsys, Senior Manager

Eighteen years into my career, I decided to pivot and move from infrastructure-related work to the world of application security. If there’s one thing I’ve learned in the three years of working in application security, it’s that it’s a funny business. Our entire business model is based on pointing out the mistakes of other programmers. In this talk, I want to shoot myself in the foot and share some concepts that could help eliminate a lot of those mistakes, and reduce my job to snuffing out the more interesting mistakes.

- CST
OPEN TALK: Optimize Non-coding Time
Ori Keren
LinearB, CEO and Founder

This talk is unique because 99% of developer productivity tools and hacks are about coding faster, better, smarter. And yet the vast majority of our time is spent doing all of this other stuff. After I started focusing on optimizing the 10 hours I spend every day on non-coding tasks, I found my productivity went up and my frustration at annoying stuff went way down.
I cover how to save time by reducing cognitive load and by cutting menial, non-coding tasks that we have to perform 10-50 times every day.
For example:
- Bug or hotfix comes through and you want to start working on it right away so you create a branch and start fixing. What you don’t do is create a Jira ticket, but then later your boss/PM/CSM yells at you due to lack of visibility. I share how I automated ticket creation in Slack by correlating GitHub to Jira.

- You have 20 minutes until your next meeting and you open a pull request and start a review. But you get pulled away halfway through, and when you come back the next day you forgot everything and have to start over. Huge waste of time. I share an ML job I wrote that tells me how long the review will take so I can pick PRs that fit the amount of time I have.

- You build. You ship it. You own it. Great. But after I merge my code I never know where it actually is. Did the CI job fail? Is it released under a feature flag? Did it just go GA to everyone? I share a bot I wrote that personally tells me where my code is in the pipeline after it leaves my hands so I can actually take full ownership without spending tons of time figuring out what code is in what release.

- CST
OPEN TALK: Next Generation Crash Reporting for Mobile Apps and Games
Vincent Lussenburg
Backtrace (A Sauce Labs Company), Technical Product Manager

Explore the relationship between customer satisfaction and handling app hangs, errors and crashes.

In this session, we'll explain how Backtrace’s next generation crash reporting can ensure top-app rankings through advanced monitoring and how to integrate Backtrace in your existing Android and iOS apps.

Key takeaways:
- How to manage app errors, hangs and crashes - and why
- Understand the unique challenges for mobile app monitoring and reporting
- Learn how Backtrace simplifies mobile crash management

- CST
OPEN TALK: Using Machine Learning on Logs to Find Root Cause Faster
Gavin Cohen
Zebrium, VP Product

There are many ways to tell when your application breaks. But figuring out what caused it to break is slow and tedious as engineers hunt through logs and dashboards, piecing together the details of what happened.

Fortunately, unsupervised machine learning can speed up the process. It works by automatically finding the log events and metrics that describe the root cause, and it uses GPT-3 to provide a plain language summary of the problem.

- CST
Flying Blind? - The Case for API Security and Observability
John Jeremiah
Traceable AI, Director

The business demanded rapid innovation. Software development and IT figured out how to provide it. But now we have a whole host of new problems. In the resulting world of cloud-native apps, microservices, and API-driven applications, what we came to rely on for keeping it all running and secure is no longer enough.

In this new fog, we are basically “flying blind”. Modern applications are extremely hard to secure and protect as they are complex and continuously changing. Our visibility of what we have, how it is behaving, and how it is being used (and abused) has diminished tremendously. So how do we begin to see through the fog once again?

In this session you’ll learn:
- Why are we flying blind
- 4 key areas to focus on to stop flying blind
- A way to get started quickly (for free!)

For more information on Traceable AI, visit us at: www.traceable.ai

- CST
OPEN TALK: Introducing "Continuous Design/Continuous Integration"
Ivan Huerta
Parabeac, Founder & CEO

Agile processes have become mature contributors to the evolution of developer operations for the build to deploy stage, but what about design? After all, creating the user interface typically takes up to 60% of the total development time, easily representing the most attractive opportunity since Agile itself to redefine how apps are built. Not only is it an enormous expense, but mistakes between designers & developers can impact an app well after launch. Since design is now largely digitized it seems like a no-brainer to build automated conversion tools that integrate designer/developer workflow into what we could call “Continuous Design/Continuous Integration”. So where are they?

In this talk, Parabeac CEO Ivan Huerta describes the reasons why it is much harder than you might expect, and what CD/CI would need to look like to be truly functional. Ivan outlines the major challenges that have kept CD/CI from coming to fruition and the new pathways within which CD/CI tools could now be on the near horizon. He predicts how the CD/CI market may present itself over time, and what the substantial and surprising long-term impact might be.

Agile gave adaptive energy to the build and deploy stages of app development. CD/CI simply extends that backward to include the design stage as well. But when CD/CI platforms become an integral part of automating developer workflows, the reduction in development costs may only be a small part of the story compared to CD/CI’s impact on the transformation of traditional developer roles. Ivan closes his talk with a discussion of the potential implications of that transformation.

A more detailed outline of the talk is available on request.

- CST
OPEN TALK: Congrats, You’re Containerized! How Much Tech Debt Do You Now Have to Pay Off?
Eric Smalling
Snyk, Senior Developer Advocate

Looking into the trade-offs a lot of teams make to move into containers and Kubernetes and how they should plan to address those that keep them from the velocity they are seeking... and make sure they do so securely.

Thursday, November 18, 2021

- CST
How an Immutable Database can Benefit Your Data-Driven Application
Paul Gauvreau
Blockpoint Systems, Founder & CEO

Security is becoming a more prevalent issue every day, especially for young companies and developers looking to manage and update their applications. Ultimately, almost every application uses a database. However, traditional SQL systems are dated and lack out-of-the-box solutions for building clear audit trails, validating record integrity, and analyzing historical versions of the data. This talk will overview Blockpoint's Immutable, SQL compliant database management system, MDB, and how using an immutable database can benefit your data-driven applications.

- CST
Digital Banking an Austin Fintech's Evolution
Todd Ginsberg
Netspend, Platform Architect
Keven Coggin
Netspend, Director of Application Development
Laura Pearce
Netspend, Director of Product Management - Embedded Finance
Kalpana Mullapudi
Netspend, Technical Director
- CST
OPEN TALK: Indexes vs. Histograms to Speed Up Database Searches
Dave Stokes
Oracle, MySQL Community Manager

Nobody complains that the database is too fast. But when things slow down they do complain. The two most popular ways of speeding up queries in a relational database are indexes and histograms. This talk covers when to use one over the other, how to properly construct an index, where histograms fail, and much more.

- CST
Breaking Into Blockchain Development with JavaScript
Christopher Swenor
Reach Platform, CEO

We are introducing a way for JavaScript developers to build decentralized apps on any blockchain using familiar syntax: JavaScript! Frontend is compatible with React, Vue and Go.