AppSec USA 2016 has ended

Keynote
Thursday, October 13


Keynote - Software Supply Chain Lifecycle Management: Reducing Attack Vectors and Enabling Rugged DevOps
As the cyber threat landscape evolves and as software dependencies grow more complex, understanding and managing risk in the software supply chain is more critical than ever, and it must focus on the entire lifecycle that includes development, acquisition, and DevOps. The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine 'fitness for use' and trustworthiness in terms of quality, security, safety, and licensing. Application vulnerability correlation and management should leverage automated means for detecting threat indicators, weaknesses, vulnerabilities, and exploits. Using standards-based automation also enables the exchange of information internally and externally with vendors in the global supply chain for IoT/ICT products. Addressing supply chain dependencies throughout the lifecycle enables enterprises to harden their attack surface by: comprehensively identifying exploit targets; understanding how assets are attacked; and providing more responsive course-of-action mitigations.

Joe Jarzombek

Joe Jarzombek is the former Director for Software Assurance in the National Cyber Security Division of the U.S. Department of Homeland Security (DHS). He led government inter-agency efforts with industry, academia, and standards organizations to shift the security paradigm away from...

Thursday October 13, 2016 8:00am - 9:00am
Grand Ball Room Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001


Keynote - The Less Hacked Path
Since the dawn of the Internet and the Web, a broad series of hacking attack vectors have descended. Malicious hackers, researchers, and governments have demonstrated and deployed these attacks onto computers, mobile devices, and nuclear power plants. While we continue to build sophisticated technology to defend against many of these attacks, a new field of exciting research is taking place that uses side channels, physics, and low cost tools to employ powerful attacks against modern technology. We'll explore some of these fascinating, and often secretive, methods and how you can use them or secure against them.

Samy Kamkar

Samy Kamkar is a privacy and security researcher, computer hacker, whistle blower and entrepreneur. At the age of 16, Kamkar dropped out of high school and one year later, co-founded Fonality, a unified communications company based on open source software, which raised over $46 million...

Thursday October 13, 2016 5:00pm - 6:00pm
Grand Ball Room Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001

Friday, October 14


Keynote - Cryptography in the age of Heartbleed
The past decade has seen an unprecedented number of high-profile data breaches. To address this threat, businesses have begun to invest heavily in encryption technologies, both to protect data and to reduce liability in the event of a breach. However, the widespread deployment of encryption has placed a new burden on application developers, a burden that is made worse by the fact that many of our existing protocols and software libraries are themselves flawed. In this talk I will discuss the problems facing both cryptographers and application developers who implement cryptography. I will focus on where we stand with making cryptography easy to use; recent vulnerabilities in some of the protocols that power the secure web; and the challenging problem of securing cryptographic software against sophisticated nation-state attackers. 

Matthew Green

Dr. Matthew Green, a respected cryptographer and security technologist, has over fifteen years of industry experience in computer security. Dr. Green is an Assistant Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography...

Friday October 14, 2016 8:00am - 9:00am
Grand Ball Room Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001


Keynote - What does winning look like?
Dan Geer

Dan Geer is currently the CISO for In-Q-Tel, a not-for-profit investment firm that works to invest in technology that supports the missions of the Central Intelligence Agency and the broader U.S. intelligence community. Looking at just a few of his accomplishments, Geer was a key...

Friday October 14, 2016 5:00pm - 6:00pm
Grand Ball Room Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001