*Save vs. DEX - Building An Agile Security Process*Developers have been increa

1. *Save vs. DEX - Building An Agile Security Process*
2.  
3. Developers have been increasing the number and speed of their releases using Agile processes. In this session you will go on a quest to help integrate solid application security controls into Agile development processes to ensure that the developers are not just shipping more security bugs faster.
4.  
5. You will obtain an overview of multiple Agile development methodologies, learn the inflection points where security can be added into the processes and how to effectively ensure a secure codebase in a fast paced development environment.
6.  
7. Additionally, you will learn how to incorporate Agile principles into security processes to make your own teams more nimble and effective.
8.  
9.  
10.  
11. *Pilots, Surgeons and Developers - Improving Application Security With Checklists*
12.  
13. Multiple studies have shown measurable reductions in risk and improved outcomes in both aviation and medicine when participants follow well documented, basic processes enforced with lightweight checklists. Using a checklist ensures that common risks are consistently eliminated or minimized and reduces regressions.
14.  
15. In this session you will build an application security checklist customized for your specific technology needs. The checklist you build can be used by development, operations and/or security teams to improve the application security posture of your applications and minimize the risk of releasing vulnerabilities into production.
16.  
17.  
18. *Reverse Engineering Android Applications*
19.  
20. Smartphone apps are still an expanding market. Many developers are writing apps and a number of us are not writing them well. Mobile applications can contain a number of security vulnerabilities, some common across many application styles and some that are unique to the mobile ecosystem.
21.  
22. In this session you will learn the various techniques bad guys can use to extract information from your compiled Android mobile applications and, how that information can be used to compromise both your users and your backend systems. You will learn techniques you can use to harden your applications to be more resistant against attackers.
23.  
24.  
25. *Levers, Pulleys and Inclined Planes - Multiply Your Application Security Skills With Tools*
26.  
27. For millennia humanity has overcome limited strength, agility and senses by creating, using and improving tools. Developers have continued that evolution by taking advantage of a rich ecosystem of productivity enhancing tools and utilities.
28.  
29. As development cycles continue to tighten, you may find yourself faced with the choice of slowing down to match the pace of classic patterns of application security tool use or forging ahead without even minimal security validation of your code.
30.  
31. This session will open a third path: easy integration of security tooling directly into your pipeline. Come and see how modern security tooling can fit into your development, build and deployment process.
32.  
33. Using the right tooling in the right way can improve your code quality, system stability and make sure your company does not go bankrupt from security breaches, all without slowing you down or blowing up your budget. While there are good commercial tools (and some that are not so good) we will primarily focus on open source or freely available tools that you can easily integrate into your development process.
34.  
35.  
36. *Secure Application Design and Development With Threat Modeling*
37.  
38. Building a secure and stable application requires more than just memorizing a list of vulnerabilities. Modern applications contain a multitude of moving parts and security needs to be built in from the beginning. In this session we will review techniques to ensure that you are building the most secure application possible so that your users also benefit from the improved performance and stability benefits that come from a well designed application.
39.  
40. By building a threat model describing the various components of your application and how data flows through it you will be better prepared to defend your application from attacks, improve the performance and scalability of your application and have some great assets to easily bring new developers up to speed on all the parts of your application.
41.  
42. We will dive into threat modeling and show how it provides tools to find and fix application vulnerabilities by building a threat model and working through analysis exercises.