Track: Trust, Safety & Security

Day of week: Wednesday

It comes as no surprise that any microservice, any security control you use to build applications, will eventually be broken (or fail). Under certain pressure, some components will fail together.

The question is: how do we build our systems so that security incidents won't happen even if some components fail, and data leaks won't occur even if a database server is misconfigured? Security engineers know that the failure of a single security control is a question of time; the failure of a security system is a question of design.

This track is about building secure, yet usable, systems: security architecture, security engineering, cryptography.

Track Host: Anastasiia Voitova

Product Engineer in Security and Cryptography @CossackLabs

Anastasiia is a software engineer with a wide background. She started her career as a mobile developer, then moved deeper into security engineering. Now she focuses on cryptography and applied security, helping companies build secure yet usable systems (oh yes, it takes effort).

Anastasiia maintains the open-source cryptographic library Themis, conducts secure software development training, often speaks at international conferences, co-organizes cyber-security events and leads the security chapter at WomenWhoCode Kyiv.

Exploiting Common iOS Apps’ Vulnerabilities

Many mobile developers still believe that it’s not possible to extract information embedded inside the application bundle. However, that's not true.

My area of interest is the reverse engineering of mobile apps. In this talk, I'll walk through some of the most common vulnerabilities in iOS apps and show how to exploit them. All these vulnerabilities have been found in real production apps of companies that have (or don't have) a bug bounty program. This talk is useful for those connected with mobile app development or those who use mobile apps to work with sensitive data.

Ivan Rodriguez, Software Engineer @Google

Security

Session details to follow.

Isaac Potoczny-Jones, Founder @Tozny & Authentication and Privacy Specialist

Tracks

Monday, 11 November

  • Architectures You've Always Wondered About

    Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, & more

  • Languages of Infrastructure

    This track explores the languages being used to code infrastructure. Expect practices on toolkits and languages like CloudFormation, Terraform, Python, Go, Rust, Erlang.

  • Building & Scaling High-Performing Teams

    To have a high-performing team, everybody on it has to feel and act like an owner. Organizational health and psychological safety are foundational underpinnings to support ownership.

  • Bare Knuckle Performance

    Killing latency and getting the most out of your hardware

  • Ethics, Regulation, Risk, and Compliance

    With so much uncertainty, how do you bulkhead your organization and technology choices? Learn strategies for dealing with uncertainty.

  • Software Supply Chain

    Life of a software artifact from commit to deployment. Security, observability and provenance of the software supply chain.

Tuesday, 12 November

Wednesday, 13 November