Shift-left sounds great—catch issues early, save time, empower devs—but too often it backfires, creating noise and chaos. Learn from real-world fails, laugh at sh*t-left stories, and discover practical strategies to make shift-left work. Let’s fix AppSec, one bug at a time.
Ever wonder how your data is really handled in the cloud? Confidential Computing gives you an answer by isolating your data and cryptographically proving what code was ran. This talk dives into the hardware and software behind Confidential Computing, and how to ship it in real-world cases.
This talk explores the discovery of a long-standing CSRF (Cross-Site Request Forgery) vulnerability in the popular gorilla/csrf Go library. The goal is to encourage the audience to perform vulnerability research experiments in their own commonly used tools.
Using cryptography solves certain problems but adds a new challenge: key management. This talk explores how various key types require different management approaches, then walks though an example of securing a long-lived code-signing key in an HSM, with a look at operational burdens and pitfalls.
Discover how the Cyberhaven breach case exposed critical Shadow IT risks—and the proactive allowlist strategy that minimized business disruption. The proactive controls saved our 40M+ users from being impacted. Gain insights, metrics, and a blueprint for continuous monitoring
Attackers making money from MY 2FA? It's more likely than you think! SMS is a common 2FA method but creates risk: International Revenue Share Fraud, inflating SMS traffic to siphon revenue. Attendees will learn how to detect and mitigate IRSF with Cloudflare, OpenAI, and Datadog.
