Discover Actionable Security Testing

15+ Experts Reveal Their Top Security Testing Secrets.

Join the 1st annual SecureGuild an online conference and community dedicated 100% to helping YOU succeed with your security testing efforts.

May 20-21 2019 10-5:30 (EST)

Join the SecureGuild Now - $197

LINEUP (* speakers time subject to change)

Day 01 - May 20, 2019

Jimmy Rabon

-(EDT)

Do your Pipelines remember? They must if you want to go fast with static analysis - Jimmy Rabon

All static analysis tools produce false positives and often require developer context to determine exploitability of a security risk. Automating a static scan is usually straightforward but building automation workflows around SAST findings require that your Pipelines become smarter over time. Optimizing the data provided by SAST tools is an often overlooked aspect to integrating SAST tooling into the CI / CD pipeline but it is required to be successful. Come learn best practices for successful SAST integration and about how machine learning can help us predict the future, based on our past.
Rana Khalil

-(EDT)

Automating DAST in the DevOps Pipeline - Rana Khali

Web application vulnerability scanners are automated dynamic application security testing (DAST) tools that are used to crawl a web application to look for vulnerabilities. In this session, we’ll present a step by step guide on how to integrate the OWASP Zed Attack Proxy (ZAP) scanner with the Jenkins pipeline. We’ll also look at the limitations of automating the entire security testing process and the dangerous false sense of security this gives an organization.
Jahmel Harris

-(EDT)

Hacker Tools for Developers and Testers. (Adding security tests into the pipeline) - Jahmel Harris

There are so many awesome hacker tools for hackers out there - things like nmap, nessus and even zap proxy. They work great if you're a pen tester but trying to use these tools in a way that makes sense for development and testing teams can be challenging. In this session, we'll look at how we can use Frida, a tool used by pen testers, to add in security test cases into our Android applications so they are run as part of the CI/CD pipeline.
Morgan Roman

-(EDT)

Integrated Security Testing - Morgan Roman

Having a dedicated suite of continuously run security tests seems out of reach for all but the most mature security programs. Scanners only scratch the surface of your application. Many companies already have integration tests that snake their way deep into their web application, covering nearly every workflow. In this talk, we will use a minimal amount of work to transform these integration tests into a suite of security tests. We will repurpose Selenium integration tests into security tests to search for common web application flaws such as XSS and SQLi with more context than a scanner. These security tests will traverse the web application the same way a real user would. This session is ideal for testers and developers interested in making security testing part of their continuous integration pipeline.
Arthur Hickens

-(EDT)

Understanding the Most Common Secure Coding Standards in Use Today - Arthur Hicken

Dr. Jared DeMott

-(EDT)

Roundtable Ask Us Anything About Security - Dr. Jared DeMott

Hasan Yasar Headshot

-(EDT)

Challenges in implementing and sustaining DevSecOps environment - Hasan Yasar

How to define DevSecOps is a highly-contested topic. Despite what some will lead you to believe, DevOps is not just a set of tools. Nor is it merely a focus on achieving continuous integration, continuous delivery, or continuous deployment. Business values drive DevOps development. Without a DevSecOps mindset, organizations often find their operations, development, and security testing teams working toward a short-sighted incentive while creating their infrastructures, test suites, or product increments. In this talk I will explain DevSecOps, the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.

Day 02 - May 21, 2019

franziska buehler headshot

-(EDT)

Test your WAF and make it your friend! - Franziska Buehler

Very often, people are afraid of web application firewalls (WAF) because they can potentially block an application's legitimate traffic. This can lead to problems in the production, which, admittedly, are really annoying! However, WAFs are a very useful additional layer of defense when it comes to defending attacks, such as those described by the "OWASP Top Ten".
Dwayne Thomas

-(EDT)

Switching from QE to Product Security - Dwayne Thomas

Switching Software development team membership to cyber security in less time than it takes for a baby to start blinking. How might one enter the most in-demand field in less time than it takes for a baby to start blinking AKA the third trimester of pregnancy? The trick, of course, is that a little extra time between jobs didn't hurt for interviewing. This presentation only hints at recommendations and is not prescriptive. It willingly suggests that other parts of life keep happening. Other smoke and mirrors are revealed in this talk but... quality time advocating high priority fixes, plowing bug bounty programs, presenting security topics for Toastmasters, searching job sites, informational interviews, meet-ups, and obtaining a CISSP certificate all helped for a just in a time career change.
Vandana Verma

-(EDT)

Cloud Security and the Myths around it - Vandana Verma

Altaz Valani

-(EDT)

Threat Modeling @ Scale: Moving From the DevOps Pipeline to the Risk Driven Enterprise - Altaz Valani

Traditional Threat Modeling focuses on the determination of security risk in an application. Today, this view is too narrow and does not deliver continual risk-oriented views of an enterprise application portfolio. Instead, we need an automated vertical pipeline (a policy to execution pipeline) that addresses risk by taking policies as the input and delivering DevOps operating procedures as the output.
Dawid Bałut

-(EDT)

Roundtable Ask Us Anything About Security - Dawid Bałut

Adhiran Thirmal

-(EDT)

How to win over that elusive Developer - Adhiran Thirmal

Discover the key to implementing a successful application security testing program is having buy-in from your developers, DevOps and architects.

Why Guild Conferences?

1

EXPERTS FROM AROUND THE WORLD

We've brought the best speakers in the world to bring you the knowledge you need to stay ahead of the curve in testing.

2

NO EXPENSIVE AIRLINE TICKETS OR HOTEL ROOMS

You need to keep learning. One of the most rewarding ways to do this is by attending conferences. Unfortunately, sometimes it's difficult to make it to a conference due to travel costs, the price of the conference ticket, or your ability to take time off. Save yourself heaps of time by not having to travel to a conference and try to be able to fit it into your busy schedule.

3

LIFETIME VIEWING ACCESS - WATCH AT YOUR OWN PACE

At traditional conferences many times you end up missing a session you really wanted to attend. Or you forgot something that the presenter mentioned. Watch each session as many times as you like!  So you will be able to listen to the talks at your own pace.

4

COMMUNITY

Get the support you need before, during and after the conference in our private Guild slack channel!

5

AFFORDABILITY

Not only do you get top-notch sessions but is all at a super low price. It's a no-brainer and the most cost-effective way to stay up to date with the latest in testing and automation.

THE GUILD GUARANTEE

THE GUILD GUARANTEE

The price of this conference is a steal considering the amount of awesomeness you’ll be getting.

We guarantee that you will discover a tip, tool, technique or best practice that will help your testing efforts or your career.

If after viewing all the sessions and the live Q&A you can honestly tell me within 60-days that you received zero value from the Guild we’ll refund your money.

What other conference offers an actual guarantee?

That’s how awesome we think Guild Conferences are.

But don’t take our word for it.

Listen to what past Guild members have to say: