AppSec Europe 2018 has ended
***Content is subject to change.***

Keynote Speaker
Thursday, July 5

9:00am BST

The Perimeter Has Been Shattered: Attacking and Defending Mobility and IoT on the Enterprise Network

Mobility and the Internet of Things (IoT) have disrupted the corporate enterprise network on the scale that PCs disrupted mainframes in the 1980s. Yet most enterprises continue to approach security as though there is still a hard perimeter with nothing but corporate-owned endpoints running against internal applications. Mobility, however, means employee-owned endpoints connecting over public carrier networks to cloud applications. Traditional perimeter security simply doesn’t address this.
From mobile-based phishing to Bluetooth-based attacks, mobile and IoT have fundamentally changed the threat landscape. In this talk we will look at the modern threat landscape, the security controls currently available on the market (such as mobile threat defense and mobile application management), and provide real-world examples of how they fall short under simulated attack. Finally, we will look at practical ways to improve enterprise security around mobile and IoT as well as cause the defensive products to evolve to be more robust.

Georgia Weidman Keynote Speaker

Founder and CTO, Bulb Security LLC
Shevirah founder and CTO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds an MS in computer science as well as CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has...

Thursday July 5, 2018 9:00am - 9:45am BST
Fleming - 3rd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

4:15pm BST

Winning - the future perspective in the next 20 years!

Andrew van der Stock

Senior Principal Consultant, Synopsys
Andrew van der Stock is a long-time security researcher and is the current co-lead of the OWASP Top 10 and OWASP Application Security Verification Standard, and is formerly an OWASP Global Board member. Andrew has trained or spoken at many conferences worldwide, including Black Hat...

Thursday July 5, 2018 4:15pm - 5:00pm BST
Fleming - 3rd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

Friday, July 6

9:00am BST

XSS is dead. We just don't get it.

XSS is about twenty years old by now and appears to be alive and
kicking. JavaScript alerts are still popping left and right and bug
bounty programs are drowning in submissions.

But is XSS really still a problem of our time? Or is it just an undead
foul-smelling zombie vulnerability from the dark ages of string
concatenation that doesn't wanna perish because we are just too fricken

This talk will be an hour-long rant (yes, swearwords, leave your kids at
home), paired with a stroll through the history of XSS and related
issues. We will go back into the year 1998 and see how it all started,
how things developed, what we tried to do against it and how hard we
failed every single time. We will also look at the future and predict
what is about to happen next. Mostly nothing - but good to know, right?

We will not only look at our own failures but also see how the entire
infrastructure and monetization of the web contributed to us being
simply not capable or even just willing to fix XSS. And we might as well
see if any of those behavioral and structural patterns can be compared
to other human failures - and see if there is something we all can
learn. Or, at least, agree that we knew it all along and are all on the
same page.

Mario Heiderich

Founder, Cure 53
Dr.-Ing. Mario Heiderich, aging but still somewhat handsome heart-breaker, ex-security researcher and now a more or less overpaid secretary is from Berlin, still likes everything between lesser- and greater-than, also fine-food and wine-pairings and leads a small yet exquisite pen-test...

Friday July 6, 2018 9:00am - 9:45am BST
Fleming - 3rd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

4:15pm BST

Perimeter-less: Engineering the future of Defense

In this talk, Allison Miller will discuss how today’s defenders are adapting to the new normal of our ever-evolving ecosystem -- expanding exposure surfaces, complexity in every corner, continuous change, not to mention bigger big data and badder bad actors -- by focusing on designing and architecting more defensible systems. The modern defender can no longer depend on simple "castle and moat" style tactics, but must craft protections for platforms, applications, and services that operate in real-time at internet scale -- while at the same time protecting millions of customers, transactions, endpoints, and actions on any given day. We'll talk about the models and design approaches that we can add into our arsenals, and the technologies we'll need to launch the practice of defense beyond the perimeter.

Allison Miller Keynote Speaker

Senior Vice President Engineering, Bank of America
Allison Miller (@selenakyle) leads the engineering efforts for Bank of America's information security organization. With over 15 years of building teams and technology that protect people and platforms, Allison is known for her expertise in designing and implementing real-time risk...

Friday July 6, 2018 4:15pm - 5:00pm BST
Fleming - 3rd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE