Welcome to the Diana Initiative 2021 Virtual Conference schedule.
For more information, please see our virtual conference page here:
https://tickets.dianainitiative.org
Friday, July 16 • 3:30pm - 4:00pm
The System Call Is Coming from Inside the House: Appsec Horror Stories


Finding security vulnerabilities is like being a paranormal investigator, only with better tools. You enter a structure made by someone else under conditions you don’t know, and it’s your job to find the omissions, mistakes, and accidental problems left by other devs. In reviewing web apps, Chrome extensions, and other software, you’re bound to find some apparitions, if not outright poltergeists. Instead of orbs and ectoplasm, though, the evidence is in token problems, wild permissions, and the use of libraries so old they might as well be zombies. This talk will cover the kinds of haunts you’re likely to find (or inadvertently put into place, if you're creating the app), match familiar and new vulnerabilities to their scary counterparts, teach ways to recognize them, and provide some strategies on exorcising them with accurate reports and compassionate communication with the teams that brought them into our realm in the first place.

Speakers
Breanne Boland

Product security engineer - security partner, Gusto
Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer who did work in healthcare and govtech. Prior to that, she was a professional writer, and she...


Friday July 16, 2021 3:30pm - 4:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb