Track: Security: Lessons Learned From Being Pwned
The Cyber is the Abominable Snow Monster chasing you down your perfect ski run. People get eaten by The Cyber every week. Most talk endlessly about the ever more ways it has developed of coming out of nowhere and ruining your metaphorical SkiFree high score. Instead, we talk about the times we almost got eaten whole, and together we will learn how to fight it.
by Josh Schwartz
Director of Offensive Security @Salesforce
It is easy to think that securing a product relies on writing code without vulnerabilities and it's true that this is a very important aspect, but a secure product relies on more than just the code written. To an attacker every aspect involved in the development process, from the human element to the build pipeline, is fair game. In this talk we'll take a candid look at the real tactics, with examples, used to compromise and backdoor seemingly secure products by...
by David Rook
Head of Application Security @RiotGames
In this talk, David will give you an overview of the Riot Games Application Security program. The talk will focus on the tech and social aspects of the program and why David feels both are important when it comes to writing secure code.
Specifically, David will talk about how we define Application Security at Riot, how we’ve grown to meet the demands of our fast-paced engineering organisation, why we’ve hired software engineers into our team and the tools we’ve developed to help...
by Wim Remes
CEO/Principal Consultant @NRJSecurity & Board Member (ISC)²
You know how it goes. There is always someone that finds out how to break all the hard work you and your team have put in developing a kick-ass application. Nobody likes to receive security bug reports but they are a reality we have to deal with. Penetration testers, bug bounty programs, independent researchers, and security incidents all provide us with invaluable information to develop better code. The question then becomes what we do with what we learned and...
by Joe DeMesy
Security Associate @BishopFox
Authors: Shubs Shah, Matt Bryant, and Joe DeMesy
The evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone client-side containers, all the while security has remained an afterthought. In this talk we will demonstrate a new class of attacks that can be leveraged to exploit...
by Thomas Shadwell
Security Engineer @Twitch
An expression of function within a software ecosystem is inextricably bound to the lexicon used to express it. I explore how distinct, exploitable misuse patterns arise in software languages, and through example in Go – in particular a quietly prevalent and worryingly effective denial of service attack on Go systems affecting the Go toolchain itself – hope to begin greater discourse on the language's distinct security characteristics.
Architecting for Failure
Building fault-tolerant systems that are truly resilient
Architectures You've Always Wondered about
QCon classic track. You know the names. Hear their lessons and challenges.
Modern Distributed Architectures
Migrating, deploying, and realizing modern cloud architecture.
Fast & Furious: Ad Serving, Finance, & Performance
Learn some of the tips and technicals of high speed, low latency systems in Ad Serving and Finance
Java - Performance, Patterns and Predictions
Skills embracing the evolution of Java (multi-core, cloud, modularity) and reinforcing core platform fundamentals (performance, concurrency, ubiquity).
Performance myths that need busting and the tools & techniques to get there
Dark Code: The Legacy/Tech Debt Dilemma
How do you evolve your code and modernize your architecture when you're stuck with part legacy code and technical debt? Lessons from the trenches.
Modern CS in the Real World
Applied, practical, & real-world dive into industry adoption of modern CS ideas
Modern Learning Systems
Real world use of the latest machine learning technologies in production environments
Containers - State Of The Art
What is the state of the art, what's next, & other interesting questions on containers.
Data Engineering: Where the Rubber Meets the Road in Data Science
Science does not imply engineering. Engineering tools and techniques for Data Scientists
Observability Done Right: Automating Insight & Software Telemetry
Tools, practices, and methods to know what your system is doing
Practical Cryptography & Blockchains: Beyond the Hype
Looking past the hype of blockchain technologies, alternate title: Weaselfree Cryptography & Blockchain
Workhorse Languages, Not Called Java
Workhorse languages not called Java.
Security: Lessons Learned From Being Pwned
How Attackers Think. Penetration testing techniques, exploits, toolsets, and skills of software hackers
Engineering Culture @ <insert cool company names here>
Culture, Organization Structure, Modern Agile War Stories
Softskills: Essential Skills for Developers
Skills for the developer in the workplace