Track: //TODO: Security <-- fix this



Those who spend money on the best locks are often the people who have seen the worst happen. Learn from those who have lived through catastrophes (or caused them) so that you can get a glimpse of the world you hopefully never have to be part of. From penetration testing to reverse engineering, to forensics, see what goes into the attacks straight from the experts.

Track Host:
Jarrod Overson
Web Addict, Director of Engineering @ShapeSecurity
Jarrod has been developing on the web for over 15 years in both startups and global companies and currently works at Shape Security. Previously at Riot Games and Napster, Jarrod has worked in every corner of web technology and is an active proponent and contributor to open source, creator of Plato and co-author of Developing Web Components.
10:35am - 11:25am

by Jason Chan
Director of Engineering - Cloud Security @Netflix

Historically, relationships between developers and security teams have been challenging. Security teams sometimes see developers as careless and ignorant of risk, while developers might see security teams as dogmatic barriers to productivity.

Can technologies and approaches such as the cloud, APIs, and automation lead to happier developers and more secure systems? Netflix has had success pursuing this approach, by leaning into the fundamental cloud concept of self-service, the Netflix...

11:50am - 12:40pm

by Connor Tumbleson
Developer @SourceToad & Apktool Maintainer

If you own an Android device, you’ve more than likely heard of an APK file. How easy is it to examine Android distributables and extract information from them?

Some companies assume resources, APIs and more are private within the APK, while others, aware of the risk, take part in a constant cat and mouse game of application security. A variety of tools have additionally emerged to make extracting the contents of an APK much more difficult.

In this talk we will look at the Android...

1:40pm - 2:30pm

by Alex Holden
Founder and Chief Information Security Officer at Hold Security, LLC

Hackers are learning from our mistakes and developing more resilient and devastating attacks. Our defenses, while improving, are making the same mistakes as they have for decades. We will discuss a number of recent breaches as well as lessons learned.

What drives hackers toward their ill gains in 2016? What are their latest techniques? What should our defenses be today and transform into tomorrow?

2:55pm - 3:45pm

Open Space
4:10pm - 5:00pm

by Jarrod Overson
Web Addict, Director of Engineering @ShapeSecurity

Ashley Madison data stolen...
Yahoo confirms biggest breach ever...
10 million passwords leaked! 80 million! 500 million!

What does this mean to you and your websites? You use secure passwords, your sites haven’t been compromised, and you have safeguards in place to protect your customers, so you don’t need to worry, right?


Jarrod Overson reveals the world where these passwords are traded, sold, verified, and used to exploit your sites. Even if you are...

5:25pm - 6:15pm

by Albert Yu
Principal Security Engineer @Atlassian

The war between web application attackers and defenders has never ended. In reality, it is getting more and more severe. Looking at the tremendous number of ways of defending web applications, why are attackers still winning?

"Not knowing your enemy, a victory will always follow with another loss."

Real-world attackers and bug bounty hunters are extremely capable nowadays. I'll go through some of the most interesting ones. You will probably be surprised by the determination and...



Monday Nov 7

Tuesday Nov 8

Wednesday Nov 9