Discover Actionable Security Testing: 15+ Experts Reveal Their Top Security Testing Secrets.

Why as a tester you need to know about security

Get all the recordings from the 1st annual SecureGuild, an online conference and community dedicated 100% to helping YOU succeed with your security testing efforts, which took place May 20-21, 2019.

Join for only $197 - Register Now!
  • EXPERTS FROM AROUND THE WORLD
  • LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE
  • COMMUNITY (Support before, during and after event)
  • AFFORDABILITY

Speakers

  • Franziska Buehler

  • Jahmel Harris

    Jahmel (Jay) is a security researcher and hacker and co-founder of Digital Interruption.

  • Jimmy Rabon

    Director of Product Management at Micro Focus. Former Senior Fortify Product Manager.

  • Adhiran Thirmal

  • Dwayne Thomas

  • Dr. Jared DeMott

  • Dan Billing

  • Dawid Bałut

  • Hasan Yasar

    Technical Director of the Continuous Deployment of Capability group at the Software Engineering Institute, CMU.

  • Arthur Hicken

    Arthur Hicken has been involved in automating various practices at Parasoft for over 20 years.

  • Vandana Verma

  • Morgan Roman

  • Altaz Valani

  • 10:00 am-10:50 am(EDT)

    Test your WAF and make it your friend!

    Franziska Buehler

    Very often, people are afraid of web application firewalls (WAF) because they can potentially block an application's legitimate traffic. This can lead to problems in production, which, admittedly, are really annoying! However, WAFs are a very useful additional layer of defense when it comes to defending against attacks, such as those described by the "OWASP Top Ten".

  • 11:00 am-11:50 am(EDT)

    Hacker Tools for Developers and Testers. (Adding security tests into the pipeline)

    Jahmel Harris

    There are so many awesome hacker tools for hackers out there - things like Nmap, Nessus and even ZAP proxy. They work great if you're a pen tester, but trying to use these tools in a way that makes sense for development and testing teams can be challenging. In this session, we'll look at how we can use Frida, a tool used by pen testers, to add security test cases to our Android applications so they are run as part of the CI/CD pipeline.

  • 12:30 pm-1:20 pm(EDT)

    Do your Pipelines remember? They must if you want to go fast with static analysis

    Jimmy Rabon

    All static analysis tools produce false positives and often require developer context to determine exploitability of a security risk. Automating a static scan is usually straightforward, but building automation workflows around SAST findings requires that your pipelines become smarter over time. Optimizing the data provided by SAST tools is an often overlooked aspect of integrating SAST tooling into the CI/CD pipeline, but it is required to be successful. Come learn best practices for successful SAST integration and about how machine learning can help us predict the future, based on our past.

  • 1:30 pm-2:20 pm(EDT)

    How to win over that elusive Developer

    Adhiran Thirmal

    Discover the key to implementing a successful application security testing program: having buy-in from your developers, DevOps and architects.

  • 2:30 pm-3:20 pm(EDT)

    Switching from QE to Product Security

    Dwayne Thomas

    Switching software development team membership to cyber security in less time than it takes for a baby to start blinking. How might one enter the most in-demand field in less time than it takes for a baby to start blinking, AKA the third trimester of pregnancy? The trick, of course, is that a little extra time between jobs didn't hurt for interviewing. This presentation only hints at recommendations and is not prescriptive. It willingly suggests that other parts of life keep happening. Other smoke and mirrors are revealed in this talk but... quality time advocating high priority fixes, plowing bug bounty programs, presenting security topics for Toastmasters, searching job sites, informational interviews, meet-ups, and obtaining a CISSP certificate all helped for a just-in-time career change.

  • 3:30 pm-4:10 pm(EDT)

    Roundtable

    Dr. Jared DeMott, Dan Billing, Dawid Bałut

    Ask Us Anything About Security

  • 10:00 am-10:50 am(EDT)

    Challenges in implementing and sustaining DevSecOps environment

    Hasan Yasar

    How to define DevSecOps is a highly-contested topic. Despite what some will lead you to believe, DevOps is not just a set of tools. Nor is it merely a focus on achieving continuous integration, continuous delivery, or continuous deployment. Business values drive DevOps development. Without a DevSecOps mindset, organizations often find their operations, development, and security testing teams working toward a short-sighted incentive while creating their infrastructures, test suites, or product increments. In this talk I will explain DevSecOps, the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.

  • 11:00 am-11:50 am(EDT)

    Understanding the Most Common Secure Coding Standards in Use Today

    Arthur Hicken

    In this session, Arthur will explain the common secure coding standards in use today.

  • 12:30 pm-1:20 pm(EDT)

    Cloud Security and the Myths around it

    Vandana Verma

  • 1:30 pm-2:20 pm(EDT)

    Integrated Security Testing

    Morgan Roman

    Having a dedicated suite of continuously run security tests seems out of reach for all but the most mature security programs. Scanners only scratch the surface of your application. Many companies already have integration tests that snake their way deep into their web application, covering nearly every workflow. In this talk, we will use a minimal amount of work to transform these integration tests into a suite of security tests. We will repurpose Selenium integration tests into security tests to search for common web application flaws such as XSS and SQLi with more context than a scanner. These security tests will traverse the web application the same way a real user would. This session is ideal for testers and developers interested in making security testing part of their continuous integration pipeline.

  • 2:30 pm-3:20 pm(EDT)

    Threat Modeling @ Scale: Moving From the DevOps Pipeline to the Risk Driven Enterprise

    Altaz Valani

    Traditional Threat Modeling focuses on the determination of security risk in an application. Today, this view is too narrow and does not deliver continual risk-oriented views of an enterprise application portfolio. Instead, we need an automated vertical pipeline (a policy to execution pipeline) that addresses risk by taking policies as the input and delivering DevOps operating procedures as the output.

  • 3:30 pm-4:20 pm(EDT)

    Successful DevSecOps Evolution

    Dawid Bałut

    Although most companies are somewhere in the middle and it's hard to really determine the factors that allow them to manage their security operations, there is a lot we can learn by studying the stories of companies that thrive on DevSecOps and those that really struggle to make it work. In my experience, the biggest reason for companies failing to succeed with DevSecOps is that instead of embracing it, they engage in the project with deep resistance because they know they haven't really done their homework and aren't prepared enough to comprehend the big picture perspective.

GET INSTANT ACCESS NOW

Missed the 2019 event? No worries! Get instant access to all the recordings of the 2019 Secure Guild conference that took place on May 20 - 21.

ACCESS NOW - Just $197

Why Guild Conferences?

  • EXPERTS FROM AROUND THE WORLD

    We've brought the best speakers in the world to bring you the knowledge you need to stay ahead of the curve in testing.

  • LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE

    You need to keep learning. One of the most rewarding ways to do this is by attending conferences. Unfortunately, sometimes it's difficult to make it to a conference due to travel costs, the price of the conference ticket, or your ability to take time off. Save yourself heaps of time by not having to travel to a conference or trying to fit it into your busy schedule.

  • COMMUNITY (Support before, during and after event)

    Get the support you need before, during and after the conference in our private Guild slack channel!

  • AFFORDABILITY

    Not only do you get top-notch sessions, but it's all at a super low price. It's a no-brainer and the most cost-effective way to stay up to date with the latest in testing and automation.

100% money back guarantee

The price of this conference is a steal considering the amount of awesomeness you’ll be getting.

We guarantee that you will discover a tip, tool, technique or best practice that will help your testing efforts or your career.

If, after viewing all the sessions and the live Q&A, you can honestly tell me within 60 days that you received zero value from the Guild, we’ll refund your money.

What other conference offers an actual guarantee?

Platinum

  • Micro Focus Fortify

Gold

  • Parasoft

Silver

  • Test Army
