Anything and everything AppSec! Application security, software security, cloud security, DevSecOps.

In general, the only restriction on the subject of the talks is being related to Application Security or Software Security in some way (not necessarily Web). We will not accept any talks regarding other aspects of Security, that are not applicative in nature. All talks must be vendor neutral. Talks at any technical level can be accepted. Priority will be given to talks that were not presented before.

We especially appreciate talks from security folk in large organizations (“security consumers”) who can share different Case Studies from the field. Specifically, the topics we look for include, but are not limited to, the following subject areas:

• Secure development: secure coding, supply-chain security, static analysis, application threat modeling, web frameworks security, countermeasures, SDLC, DevOps, etc.

• Mobile security: Development and/or testing devices and the mobile web

• Cloud security: Offensive and defensive considerations for cloud-based web applications

• Applicative Infrastructure security: Database security, VoIP, hardware, identity management, serverless and containers frameworks

• Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.

• Emerging web technologies and associated security considerations

• Internet of Things: IoT security and other devices

• SCADA and Industrial Control Systems: and how these can be secured, or hacked, at an application or software level.

• Applied Cryptography: Relevant research, new models, algorithm usage, interesting attacks, and other applications.

• Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection

• OWASP tools and projects in practice

• Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.

• Cool hacks and other fun stuff: cryptography, social engineering, etc.