"Discover the best
Security Testing Strategies
from the World’s Top Experts!"

Let me tell you in 2 minutes:

Why Security Testing is More Important Now Than Ever

Join for only $147 - Register Now!
  • EXPERTS FROM AROUND THE WORLD

  • LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE

  • COMMUNITY (Support before, during and after event)

  • AFFORDABILITY

Speakers 2020

  • Tanya Janca

    Tanya Janca, also known as ‘SheHacksPurple’, is the founder of SheHacksPurple.dev & author of 'Alice and Bob Learn Application Security'

  • Royce Davis

    Royce Davis (R3dy) of PentestGeek.com is a security expert specializing in network and application penetration testing.

  • Harinee Muralinath

    Harinee is a Security Practice Lead and a product owner and core contributor to Talisman. She is currently co-leading the Capability function for ThoughtWorks India.

  • Wilson Mar

    Wilson Mar has been building and bringing enterprise applications to market on major platforms—from mobile to server clouds—as an architect, developer, performance tester, & manager.

  • Cindy Blake

    Cindy Blake is the Senior Security Evangelist at GitLab.

  • Jahmel Harris

    Jahmel (Jay) is a security researcher and hacker and co-founder of Digital Interruption.

  • Dale Meredith

    Dale Meredith has been a Certified Ethical Hacker/Instructor EC-Council for the past 15 years, and Microsoft Certified Trainer for over 20 years.

  • Harjit Sandhu

    Senior Application Security Engineer at Zoopla.

  • Jimmy Rabon

    Director of Product Management at Micro Focus. Former Senior Fortify Product Manager.

  • Cassie Crossley

    Director Product & Systems Security at Schneider Electric.

  • Dr. Arash Rahnama

    Dr. Arash Rahnama is the head of Applied AI Research at Modzy.

  • Arthur Hicken

    Arthur Hicken has been involved in automating various practices at Parasoft for over 20 years.

  • Hasan Yasar

    Technical Director of the Continuous Deployment of Capability group at the Software Engineering Institute, CMU.

  • Mike Spanbauer

    Mike Spanbauer is a Security Evangelist for Juniper Security with over 25 years of experience.

Schedule 2020 (All times are in the Eastern Time Zone)

*Speakers and Time Subject to change

Oct 19 - 20

  • 10:00 am - 10:50 pm

    Vulnerable Dependencies - The Toxic Relation

    Harinee Muralinath

    Every code inevitably depends on libraries and other components. They, in turn, have transitive dependencies. Have you wondered, apart from the features, what more do you inherit? What if those libraries are vulnerable? What if they silently inject ways for attackers to misuse your code? How would you ever know if you use vulnerable dependencies? It's not even in your hands! ...Or is it?

  • 11:00 am - 11:50 pm

    How to shift security testing left

    Arthur Hicken

    Most security efforts today rely on late-cycle reactive techniques such as penetration testing. Late testing means that we often find things later than they can easily be fixed and is by its nature always trailing behind the newest efforts of the adversaries. Such actions are a necessary part of a secure software lifecycle but have shown that they aren’t up to the task of creating systems that are “Secure-by-design.” To achieve maximum security, we must shift security efforts left and perform them earlier in the software lifecycle. We’ll explore the various techniques like DAST to begin security testing earlier in the cycle, decouple it from physical constraints, and how to move even further left by preventing the code that is vulnerable to attacks in the first place with static analysis based on secure software engineering standards.

  • 12:30 pm - 1:20 pm

    Creating Your Own Hacking Lab

    Dale Meredith

    As a cybersecurity professional, it’s important that you establish a “laboratory” for you to practice your skills and test new vulnerabilities. As with any skill, before you do anything in the real world you need to practice, practice, and then practice some more. The time to learn a new tool or “try something out” isn’t on a live network or an engagement. In this session Dale will present you with different ways to create an environment that you can use to enhance your learning while wearing your “hacker hoodie” (sold separately ;-) ) and keeping your production network safe from harm.

  • 1:30 pm - 2:20 pm

    Secure your GitHub with 2FA and signatures. Here's how!

    Wilson Mar

    TBA

  • 2:30 pm - 3:20 pm

    Intro to AppSec

    Tanya Janca

    TBA

  • 3:30 pm - 4:20 pm

    Do You Know How to Prioritize Your Open Source Findings?

    Jimmy Rabon

    Listen in and learn how we co-developed “susceptibility analysis”, which allows developers and application security engineers to understand whether a publicly disclosed vulnerability has actually been invoked in your customer code, and more importantly, whether attacker-controlled input reaches that function. No magic, no empty promises, just good research from Sonatype to the patching function and deep dive static analysis from Fortify.

  • 4:30 pm - 5:20 pm

    Integrated Software Bill of Materials (SBoM) into DevSecOps

    Cassie Crossley

    Discover what a Software Bill of Materials (SBoM) is and why it's so important as part of your security testing plans.

  • 10:00 am - 10:50 pm

    Learn how to threat model using an interactive board game

    Harjit Sandhu

    The technique of threat modeling is often intimidating to engineers with little or no security experience. Using the open-source board game I've developed, technical and non-technical individuals explore the concepts of threat modeling without worrying about the detail behind learning the techniques. Players learn about the hacker mindset, gain an understanding of value, and begin to dig into defense in depth using the risk control residual risk methodology. All this before even knowing what threat modeling is. The session ends by looping back over learnings and equating them to the various threat modeling competencies.

  • 11:00 am - 11:50 pm

    Bringing Fuzz Testing to the Mainstream

    Cindy Blake

    Fuzz testing is useful for finding flaws that other security and quality testing methods cannot. But it's been challenging to use. See how GitLab is integrating this powerful technology as an automated byproduct of your CI pipeline.

  • 12:30 pm - 1:20 pm

    How to build DevSecOps Pipeline as Code!

    Hasan Yasar

    You've heard the hype and read dozens of blog posts on DevSecOps. Finally, your organization has decided to make this cultural shift to take advantage of automation and the benefits of DevOps. However, making this shift as an engineering team can often be cumbersome because many tech professionals are still unfamiliar with the technologies required to implement a complete DevOps pipeline, let alone one that includes security automation as well. In this talk, I will introduce Microcosm, a miniature, secure DevOps pipeline we developed at the SEI available through infrastructure as code. Microcosm represents a miniature version of a secure DevOps pipeline compared to what you find in a large, enterprise environment. In this talk, I will go through crucial principles of a DevSecOps pipeline and share our lessons-learned examples with the security community.

  • 1:30 pm - 2:20 pm

    Security in your pocket; Android application security for beginners

    Jahmel Harris

    In this session, we'll be doing a practical example of how we can analyze Android applications for vulnerabilities and the tools that are available to help us. We'll be going beyond vulnerability scanners and looking at how we can manually test for common security issues, including one that won me a not-insignificant amount of money in bug bounties and another that let me see all the user details for an "adult" virtual reality application.

  • 2:30 pm - 3:20 pm

    Attacking AI with Adversarial Inputs and How to Defend against It!

    Dr. Arash Rahnama

    AI models are vulnerable to subtle adversarial disturbances applied to the inputs. These adversarial disturbances, though not noticeable to the human eye, can easily mislead the AI. In this talk, we cover this phenomenon and briefly describe Modzy’s unique solution for defending against adversarial attacks.

  • 3:30 pm - 4:20 pm

    Teach Yourself Penetration Testing: A hands-on walkthrough of the Capsulecorp-pentest environment

    Royce Davis

    A hands-on walkthrough of the Capsulecorp-pentest environment. Discover a quick way to stand up a test environment for conducting an internal network penetration test that you can practice your security testing skills against.

  • 4:30 pm - 5:20 pm

    Developing a Security Test Methodology

    Mike Spanbauer

Security Testing Awesomeness

Oct 19 - 20

Join hundreds of fellow security testing engineers at the 2nd annual SecureGuild, an online conference and community dedicated 100% to helping YOU succeed with your security testing efforts. A 2-day online conference you can watch all from the comfort of your home.

Register now!

Why Guild Conferences?

  • EXPERTS FROM AROUND THE WORLD

    We've brought the best speakers in the world to bring you the knowledge you need to stay ahead of the curve in testing.

  • LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE

    You need to keep learning. One of the most rewarding ways to do this is by attending conferences. Unfortunately, sometimes it's difficult to make it to a conference due to travel costs, the price of the conference ticket, or your ability to take time off. Save yourself heaps of time by not having to travel to a conference or trying to fit it into your busy schedule.

  • COMMUNITY (Support before, during and after event)

    Get the support you need before, during and after the conference in our private Guild slack channel!

  • AFFORDABILITY

    Not only do you get top-notch sessions, but it's all at a super low price. It's a no-brainer and the most cost-effective way to stay up to date with the latest in testing and automation.

100% money back guarantee

The price of this conference is a steal considering the amount of awesomeness you’ll be getting.

We guarantee that you will discover a tip, tool, technique or best practice that will help your testing efforts or your career.

If after viewing all the sessions and the live Q&A you can honestly tell me within 60 days that you received zero value from the Guild, we’ll refund your money.

What other conference offers an actual guarantee?

Awesome Sponsors for 2020

Platinum

  • Micro Focus

Gold

  • Parasoft

Media

  • TechBeacon

Are you looking to sponsor us? Request info here
