Discover Actionable Security Testing

15+ Experts Reveal Their Top Security Testing Secrets.

Join the 1st annual SecureGuild an online conference and community dedicated 100% to helping YOU succeed with your security testing efforts.

May 20-21 2019 10-4:30PM (EST)

Get instant access to all recordings for 2019 event - $147

ONLINE CONFERENCE EVENT TICKET

  • The Convenience of Being Able to Watch Back all the Recordings of the Event -- Forever
  • Experience Yearlong Community Awesomeness in our Private Slack Channel
  • Ability to Ask Your Questions Live to Some of the Top Experts in the Security Testing Field
  • Learn Actionable Security Testing Strategies and Proven Techniques

$197 $147( * Per Attendee )

Register Now

*Groups of 5 or more get 20% off at checkout.

LINEUP (* speakers time subject to change)

Day 01 - May 20, 2019

franziska buehler headshot

10:00 am-10:50 am(EDT)

Test your WAF and make it your friend! - Franziska Buehler

Very often, people are afraid of web application firewalls (WAF) because they can potentially block an application's legitimate traffic. This can lead to problems in the production, which, admittedly, are really annoying! However, WAFs are a very useful additional layer of defense when it comes to defending attacks, such as those described by the "OWASP Top Ten".
Jahmel Harris

11:00 am-11:50 am(EDT)

Hacker Tools for Developers and Testers. (Adding security tests into the pipeline) - Jahmel Harris

There are so many awesome hacker tools for hackers out there - things like nmap, nessus and even zap proxy. They work great if you're a pen tester but trying to use these tools in a way that makes sense for development and testing teams can be challenging. In this session, we'll look at how we can use Frida, a tool used by pen testers, to add in security test cases into our Android applications so they are run as part of the CI/CD pipeline.
Jimmy Rabon

12:30 pm-1:20 pm(EDT)

Do your Pipelines remember? They must if you want to go fast with static analysis - Jimmy Rabon

All static analysis tools produce false positives and often require developer context to determine exploitability of a security risk. Automating a static scan is usually straightforward but building automation workflows around SAST findings require that your Pipelines become smarter over time. Optimizing the data provided by SAST tools is an often overlooked aspect to integrating SAST tooling into the CI / CD pipeline but it is required to be successful. Come learn best practices for successful SAST integration and about how machine learning can help us predict the future, based on our past.
Adhiran Thirmal

1:30 pm-2:20 pm(EDT)

How to win over that elusive Developer - Adhiran Thirmal

Discover the key to implementing a successful application security testing program is having buy-in from your developers, DevOps and architects.

Dwayne Thomas

2:30 pm-3:20 pm(EDT)

Switching from QE to Product Security - Dwayne Thomas

Switching Software development team membership to cyber security in less time than it takes for a baby to start blinking. How might one enter the most in-demand field in less time than it takes for a baby to start blinking AKA the third trimester of pregnancy? The trick, of course, is that a little extra time between jobs didn't hurt for interviewing. This presentation only hints at recommendations and is not prescriptive. It willingly suggests that other parts of life keep happening. Other smoke and mirrors are revealed in this talk but... quality time advocating high priority fixes, plowing bug bounty programs, presenting security topics for Toastmasters, searching job sites, informational interviews, meet-ups, and obtaining a CISSP certificate all helped for a just in a time career change.
Dr. Jared DeMott
Dan Billing Headshot
Dawid Bałut

3:30 pm-4:10 pm(EDT)

Roundtable Ask Us Anything About Security - Dr. Jared DeMott, Dan Billing, Dawid Bałut

Day 02 - May 21, 2019

Hasan Yasar Headshot

10:00 am-10:50 am(EDT)

Challenges in implementing and sustaining DevSecOps environment - Hasan Yasar

How to define DevSecOps is a highly-contested topic. Despite what some will lead you to believe, DevOps is not just a set of tools. Nor is it merely a focus on achieving continuous integration, continuous delivery, or continuous deployment. Business values drive DevOps development. Without a DevSecOps mindset, organizations often find their operations, development, and security testing teams working toward a short-sighted incentive while creating their infrastructures, test suites, or product increments. In this talk I will explain DevSecOps, the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.

Arthur Hickens

11:00 am-11:50 am(EDT)

Understanding the Most Common Secure Coding Standards in Use Today - Arthur Hicken

Vandana Verma

12:30 pm-1:20 pm(EDT)

Cloud Security and the Myths around it - Vandana Verma

Morgan Roman

1:30 pm-2:20 pm(EDT)

Integrated Security Testing - Morgan Roman

Having a dedicated suite of continuously run security tests seems out of reach for all but the most mature security programs. Scanners only scratch the surface of your application. Many companies already have integration tests that snake their way deep into their web application, covering nearly every workflow. In this talk, we will use a minimal amount of work to transform these integration tests into a suite of security tests. We will repurpose Selenium integration tests into security tests to search for common web application flaws such as XSS and SQLi with more context than a scanner. These security tests will traverse the web application the same way a real user would. This session is ideal for testers and developers interested in making security testing part of their continuous integration pipeline.
Altaz Valani

2:30 pm-3:20 pm(EDT)

Threat Modeling @ Scale: Moving From the DevOps Pipeline to the Risk Driven Enterprise - Altaz Valani

Traditional Threat Modeling focuses on the determination of security risk in an application. Today, this view is too narrow and does not deliver continual risk-oriented views of an enterprise application portfolio. Instead, we need an automated vertical pipeline (a policy to execution pipeline) that addresses risk by taking policies as the input and delivering DevOps operating procedures as the output.
Dawid Bałut

3:30 pm-4:20 pm(EDT)

Successful DevSecOps Evolution - Dawid Bałut

Although most companies are somewhere in the middle and it's hard to really determine the factors that allow them to manage their security operations, there is a lot we can learn by studying the stories of companies that thrive on DevSecOps and those that really struggle to make it work. In my experience, the biggest reason for companies failing to succeed with DevSecOps is that instead of embracing it, they engage in the project with deep resistance because they know they haven't really done their homework and aren't prepared enough to comprehend the big picture perspective.

Why Guild Conferences?

1

EXPERTS FROM AROUND THE WORLD

We've brought the best speakers in the world to bring you the knowledge you need to stay ahead of the curve in testing.

2

NO EXPENSIVE AIRLINE TICKETS OR HOTEL ROOMS

You need to keep learning. One of the most rewarding ways to do this is by attending conferences. Unfortunately, sometimes it's difficult to make it to a conference due to travel costs, the price of the conference ticket, or your ability to take time off. Save yourself heaps of time by not having to travel to a conference and try to be able to fit it into your busy schedule.

3

LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE

At traditional conferences many times you end up missing a session you really wanted to attend. Or you forgot something that the presenter mentioned. Watch each session as many times as you like!  So you will be able to listen to the talks at your own pace.

4

COMMUNITY

Get the support you need before, during and after the conference in our private Guild slack channel!

5

AFFORDABILITY

Not only do you get top-notch sessions but is all at a super low price. It's a no-brainer and the most cost-effective way to stay up to date with the latest in testing and automation.

THE GUILD GUARANTEE

THE GUILD GUARANTEE

The price of this conference is a steal considering the amount of awesomeness you’ll be getting.

We guarantee that you will discover a tip, tool, technique or best practice that will help your testing efforts or your career.

If after viewing all the sessions and the live Q&A you can honestly tell me within 60-days that you received zero value from the Guild we’ll refund your money.

What other conference offers an actual guarantee?

That’s how awesome we think Guild Conferences are.

But don’t take our word for it.

Listen to what past Guild members have to say:

Host


Joe Colantonio is the founder and host of GuildConferences. He is also the founder of JoeColantonio.com and TestTalks a blog and podcast dedicated 100% to helping you with all your automation efforts.