Developers and Application Security

Every year OWASP local chapters from Latin America organize a huge one month event called OWASP LATAM Tour, where each chapter hosts a one day conference in their city. These events are a great place for security professionals and developers to get together and exchange ideas and knowledge.

Just like the secure coding trainings I deliver in-company, these events are great to meet developers and understand their problems: legacy applications and development frameworks, lack of interest in application security by management, security not integrated with SDLC, etc. And of course to share my experience on how application security has succeeded in other companies.

Local Chapters

The local chapter I’ve been involved the most during the last five years, both as a speaker and co-organizer, is in my hometown: Buenos Aires. Together with Martin Tartarelli we’ve managed to organize amazing conferences with great speakers like Juliano Rizzo and Mauro Flores.

This year I’m proud to be part of three different events in the OWASP LATAM Tour:

Two talks in Uruguay

It’s always fun to attend OWASP conferences in Montevideo and catch up with the OWASP Montevideo leaders: those guys are really skilled! This year the LATAM Tour was held in the Universidad de la República on the 5th of April where I delivered two talks:

  • Esoteric web application vulnerabilities: Ugly bugs you should know about and try to identify in the next application penetration tests.

  • String Compare Timing Attacks: Hack String.equals(), one of the most low level researches I’ve done.

Two more talks in Mexico

A conference in Cancun? Sign me up! ;-) On 22nd of April I’ll be at Tech Garage in Cancun opening and closing the conference with the same talks I gave in Montevideo: Esoteric Web Application Vulnerabilities and String Compare Timing Attacks.

Interested in attending and hearing more about Esoteric web application vulnerabilities or String Compare Timing Attacks? You should definitely get your free ticket here.

Co-Organizing Argentina

Finally on the 28th of April I’ll be co-organizing the Buenos Aires LATAM Tour event and giving a talk on String Compare Timing Attacks.

The OWASP Buenos Aires chapter had two amazing achievements this year:

  1. Got more sponsors than ever before: This helps keep the event free.
  2. Filled our guest list with 185 sign-ups almost one month before the event.

Wanted to attend? Don’t get frustrated just yet. We opened a wait list, and if someone lets us know that he won’t make it to the conference you’re in.

Attend, learn, repeat

OWASP conferences are a great place to learn about application security.

Professionals with different roles such as: developers, application security experts, QAs and CISOs will have the chance to learn something new and connect with their peers.

I hope to see you there!

Recent Posts