

What we’re about
Welcome to DevSecCon Germany!
We are a chapter of the Global DevSecCon Community, an inclusive community that educates and enables developers in application security. If you’re a security enthusiast & you want to learn more about how to better secure your team, then check out our community & resources.
See you at an event soon
Upcoming events (3)
- Play Fetch the Flag CTF with us!
Network event, 49 attendees from 28 groups hosting
DevSecCon powered by Snyk proudly invites you to join Snyk's Fetch the Flag CTF Challenge!
Ready to put your security skills to the ultimate test? Join us on February 27, 2025, from 9 AM - 9 PM ET for Fetch the Flag, an exciting virtual Capture the Flag competition hosted by Snyk and John Hammond.
Don’t wait—register now and get ready for a day of hacking, learning, and epic prizes.
⚠️ Important: You cannot register on Meetup! Make sure to follow this link to sign up on the event webpage:
👉 Sign Up Here
🔍 What’s in it for you?
- 🚀 Level Up: Learn security best practices while tackling real-world vulnerabilities across web, binary, and exploitation challenges.
- 🏆 Win Big: Top 3 teams take home Meta Quest 3S VR Headsets—plus eternal bragging rights!
- 👥 Team Up or Solo: Play on your own or team up with up to 5 friends.
- 💡 Challenge Yourself: Compete against 1,000+ teams across 20+ diverse challenges.
⚠️ Reminder: You cannot register on Meetup! Make sure to follow this link to sign up on the event webpage:
👉 Sign Up Here
Let’s see if you’ve got what it takes to fetch the flag! 🖥️⚡
- Hacking Stuttgart - from SAST to DAST to Penetration Testing and Bug Bounties
Novatec Stuttgart, 70771 Leinfelden-Echterdingen
Join us for an enlightening evening dedicated to exploring the full spectrum of the Secure Software Development Lifecycle (SSDLC) from inception to deployment and beyond. This exclusive meetup, tailored for program and application security managers, will bring together leading experts in the field of cybersecurity to delve into advanced strategies that ensure software resilience and security.
This meetup is designed not only to inform but also to foster a dialogue among cybersecurity professionals about integrating and balancing various security practices. It’s an opportunity to learn how SAST, DAST, Penetration Testing, and Bug Bounties can coexist within a robust application security program, each offering unique benefits and addressing different aspects of the security lifecycle.
Agenda (6pm - 9pm):
- Welcome & Lightning talk - "Demystifying SAST and DAST" - Mathias Conradt
- "Live Hacking Cloud Architectures" - Thorsten Jakoby
- "Rewarding Resilience: The Critical Role of Crowdsourced Defense Through Bug Bounties" - Laurie Mercer
- Networking
Details below.
- Welcome & Lightning talk - "Demystifying SAST and DAST"
Mathias Conradt, Principal Solutions Engineer at Snyk, OWASP Member, CCC Supporter
In this session, we delve into the operational distinctions and integration challenges of Static and Dynamic Application Security Testing within CI/CD pipelines. Our discussion will not only clarify the effectiveness of these tools in various development stages but also how Dynamic Application Security Testing differentiates itself from traditional penetration testing. DAST's role in automated, continuous security assessments highlights its unique position in preemptive application defense compared to the more sporadic nature of penetration tests.
Participants will gain insights into how these methods complement predictive and reactive security measures and what factors to consider to align them effectively with their organizational security needs. Join us to refine your strategic approach to application security, ensuring well-informed decisions on employing SAST and DAST in your security arsenal.
- "Live Hacking Cloud Architectures"
Thorsten Jakoby, Director Technology Expertise & Cloud Security Architect at Novatec Consulting
As more organizations move to the cloud, cloud architectures are becoming more sophisticated and more technologically diverse. This includes, for example, container orchestrators, database services, networking components and virtual machines.
When it comes to security, observability across this diversity is paramount. The main question here is: do you really notice when your app landscape is under attack?
In this session, you'll have the opportunity to see various attack vectors & ways to mitigate them using different technologies.
Come and watch a live attack on a cloud architecture based on a real-world setup and see the attacker scan web applications and start lateral movement with the goal of exfiltrating data. Furthermore, become part of the blue team, defending and securing the architecture with modern open source tools.
- "Rewarding Resilience: The Critical Role of Crowdsourced Defense Through Bug Bounties"
Laurie Mercer, Field CTO for EMEA at HackerOne
How can organizations utilize the global security community's expertise to eliminate vulnerabilities? In this session, Laurie explores the growing role of crowdsourcing and bug bounty programs as a cornerstone of robust cybersecurity strategies. Drawing from real-world examples, he explores the impact independent security researchers have had in enhancing cybersecurity from code to cloud. He will discuss how to engage with security researchers to identify and eliminate vulnerabilities, including how to integrate this work with traditional security measures like SAST and DAST.
The session will highlight the benefits, challenges, and key strategies for working with the global security researcher community. Attendees will leave with a deeper understanding of how crowdsourced security can significantly bolster cyber defenses and promote a culture of transparency and collaboration within the industry, from engaging the hacker community to measuring program success and the ROI of bug bounties and more.
There'll be a raffle to win a Skullcandy headset and enough time to network and chat alongside food and drinks.
Who Should Attend?
This event is ideal for Application Security Managers, Program Managers, and IT professionals eager to enhance their understanding of comprehensive security strategies within the software development lifecycle.
Whether you are looking to refine your existing security processes or to discover new tools and practices, this meetup will provide you with the knowledge and connections to advance your application security initiatives.
Secure your spot today and join us for an evening of insightful discussions, networking, and learning from the foremost experts in the field. Together, let’s build a more secure future for our software environments.
Past events (29)
- DevSecCon Community Call - Getting Started in DevSecOps
Network event, 181 attendees from 28 groups hosting