2019 BASC Homepage

Welcome
This is the homepage for the 2019 Boston Application Security Conference (BASC). Conference will take place 8:30am to 6:30pm on Saturday, October 19th at
 * Location: 5 Wayside Road Burlington, MA

The BASC will be a free*, one day, informal conference, aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide-array of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time.

NOTE: * Some workshops and training may have a separate fee.

Registration
Register Here

Registration is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited.

You may also register for one or more workshops, but workshop tickets are limited. Please be considerate of others and only register for a workshop if you plan to attend. If your plans change, please cancel your ticket to free the space up for others. Do not sign up for more than one session of the same workshop, or for workshops whose times overlap. If you do, conference organizers will cancel your ticket orders.

Keynotes
'''The Internet Sucks. Should we replace it?'''

Andy Ellis, Akamai



50 years into the Internet, it’s become very clear that there are virtually no security goals designed into the underpinnings of the Internet, and even higher level protocols suffer from this lack. As a result, existing on the Internet makes the Wild West look like a tame environment. Should we attempt to redesign the Internet, and make it secure by default? Let’s explore the dystopian world of an alternate Internet, and see why the Internet we have might actually be the best Internet we could hope for.

Andy Ellis is Akamai’s Chief Security Officer, and his mission is “making the Internet suck less.” Governing cybersecurity, compliance, and safety for Akamai’s planetary-scale cloud platform since 2000, he has also designed and brought to market Akamai’s TLS acceleration network, its DDoS defense offerings, and several of the core technologies behind its security solutions. Andy has also guided Akamai’s IT transformation from a flat password-based network to a distributed, zero-trust enterprise based on strong authentication.

Andy is a graduate of MIT with a degree in computer science, and has served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.

Also active in Internet policy and governance circles, Andy has supported past and present Akamai CEOs in roles on the NIAC and NSTAC, as well as serving on the FCC’s Communications Security, Reliability, and Interoperability Council. He is an affiliate of Harvard’s Berkman Klein Center, and a guest lecturer in executive education at MIT and the Harvard Kennedy School. He is a frequent speaker on topics of Internet security, anthropocentric risk management, and security governance; and occasionally blogs at www.csoandy.com. He can be found on Twitter as @csoandy, where he discusses security, wine, American football, and hairstyling.

Andy is also an Advisor to YL Ventures’ YLV3 Fund, Uptycs, and Vulcan Cyber.

Andy has received The Spirit of Disneyland Award, The Wine Spectator’s Award of Excellence (as The Arlington Inn), the US Air Force Commendation Medal, and the CSO Compass Award.

Sandcastles in a Storm: Application Vulnerabilities and how they weaken our organizations

Kevin Johnson, Secure Ideas



In this presentation Kevin will walk through some of the issues we face as we move more and more of our life into applications and the Internet of Things. We will explore the vulnerabilities, how they are attacked, and what it means to all of us.

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group)

Kevin is also very involved in the open source community. He runs a number of open source projects. These include SamuraiWTF; a web pen-testing environment, Laudanum; a collection of injectable web payloads, Yokoso; an infrastructure fingerprinting project and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.

Details

 * Presentations
 * Workshops
 * Speakers
 * Agenda
 * Twitter: Follow @BASConf @OWASPBoston HashTag: #basc2019

OWASP Boston Chapter
BASC is presented by the OWASP Boston chapter.