The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, San Diego, SF Bay Area, and Inland Empire chapters to bring you the FIFTH Annual AppSec California. The event is a one-of-a-kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

One- and two-day training sessions on various subjects by expert trainers kick off the conference on January 28th. World-renowned speakers follow on days three and four.

There will be four concurrent tracks throughout the day on both January 30 and 31, addressing a variety of topics to enhance knowledge.

Tuesday, January 30 • 4:20pm - 5:10pm
Costs of Coding to Compliance

The problem with most compliance, such as PCI, is that when you manage a project, design, or code only to the line of compliance, there are going to be security gaps. When you have gaps, your risk gets higher, and it becomes more costly to fill those gaps later. 
This talk will describe the requirements of some compliance frameworks and the gaps that can occur when you’re following the bare minimum secure coding practices that they require. The presenters will also give suggestions on how to address these gaps and how to plan for future risk as your applications and dependencies grow and requirements change. 
The approach will look at prioritizing security initiatives to better manage risk as they pertain to application security and create more efficient processes as they relate to software development. Together, these will increase the ability to prevent, detect, and respond to security events that threaten your apps while supporting compliance initiatives. 
At the end of the presentation, attendees will have a good understanding of how a more mature security posture, together with a framework that also allows you to follow secure coding practices, can help harden even your more robust applications, as well as address compliance requirements for application security.

Joel Cardella

Consultant, CBI
Joel Cardella has over 25 years of experience in information security, having run the gamut from CISO to field operations. He currently is a consultant with CBI, helping C-suite executives better understand and interact with information security topics spanning building and running...

Magen Wu

Senior Consultant, Rapid7
Magen Wu has over 10 years of specialized IT experience and is a Sr. Consultant with Rapid7's Strategic Advisory Service group. In her career, she has consulted with organizations in multiple industries, including state and local government, education, retail, technology, and healthcare...

Tuesday January 30, 2018 4:20pm - 5:10pm PST
Terrace Lounge