Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Ahh, the web, an open platform where sites can communicate with each other, embed third-party content to unlock powerful features, make requests to arbitrary endpoints of other web applications... Well. Isolation was never a thing on the web, and this creates a number of security issues⏤but Spectre took this to the next level.

I will discuss digital transformation in the enterprise, how it impacts cloud native applications developed using agile methodologies and as a result, an oscillating application risk rating, which then triggers prioritized security-related activities by application security engineers.. Key topics will include: Creating a baseline application risk profile Dynamic characteristics of application risk factors Significant changes that trigger security reviews

Greatly reduce vulnerabilities using Snyk's advanced container analysis. This session focuses specifically on the Base Image Management capabilities. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Infrastructure as Code enables you to take ownership of your cloud environments and define what your application needs in a programmatic way. It's appealing because it’s code; you can version it, you can automate testing it using pipelines and you can deploy it frequently on your own. However there is a catch. With this level of autonomy comes increased responsibility and the implicit requirement to have the relevant knowledge needed in order to design and configure secure infrastructure.

Snyk allows customers to create custom rules, using advanced patterns, to define what to look for in infrastructure as code files. This session will be a deep dive into how to create your own rules for Snyk Infrastructure as Code (Snyk IaC)

Hear from Snyk's DevRel and Community Team as they share their security horror stories.

Andrew Betts shares his security horror story of how the Financial Times was hacked by the Syrian Electronic Army.

All things OWASP

How do you become a secure python developer? Following best practices, and learning about application security from experts! In this session we will explore and explain explain how Python manages dependencies, the requirements.txt file, and other aspects of 3rd-party open source software. We will gently touch upon an intro to the different package managers, such as pipenv, and poetry.