Los Angeles/2017 Meetings

---December 2017,

---November 2017,

---September 2017, ---August 2017,

---July 2017,

---June 2017,

---May 2017,

---April 2017,

---March 22,2017, Symantec Offices, Culver City

Speaker: Jeff Williams A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Topic: Turning Security into Code with Dynamic Binary Instrumentation

AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.

---February 2017,

---January 2017,