Now Available On-Demand

about Secure Coding

Coding is no longer just about creating new and innovative features. As AppSec becomes a top priority, agile organizations are looking for ways to win at security without slowing down their release cycles. This means reconfiguring our mindset, and shifting security as far left as possible: The Coding Phase.

Your first mission, should you choose to accept it, is to join us at the Secure Coding Virtual Summit on 23 April 2020, where you can hear from our finest selection of agents (also known as industry-leading practitioners, analysts, and thought leaders from the AppSec and Cybersecurity realm) as they share their secret insights, principles, and best practices to achieve better, secure software.

speakers

Simone Curzi

CyberSecurity Principal Consultant, Microsoft

Mark Curphey

Co-Founder and Chief Product Officer, Open Raven

schedule
details

Virtual Summit Sessions
April 23, 2020
10:00 am - 11:00 am
Auditorium

The Evolution of Secure Coding

Justin Hutchings
Senior Product Manager, GitHub
Rhys Arkins
Director of Product, WhiteSource
Alan Shimel
Founder & CEO, MediaOps Inc.
Mark Curphey
Co-Founder and Chief Product Officer, Open Raven

The importance of security has changed substantially over the past few years. We see an exponential growth in security products, services, certifications and in general, much more interest in the subject of security – yet, we continuously face a battle against security vulnerabilities and security breaches. This poses the question: what role does secure coding play in today’s day and age? What is the secret to improving an organization's secure coding capabilities? What can we do better?

11:00 am - 11:30 am
Auditorium

How to ship secure code with confidence

Matias Madou
Co-founder & CTO, Secure Code Warrior

It is estimated that, globally, 111 billion lines of code are produced every single year. In a rapidly digitising world, that number is only set to grow larger… along with the potential for more security issues. We are facing an uphill battle against a general AppSec skills shortage, the need for production at the speed of company innovation, and siloed teams not working to the same application security goals. With over 4 billion records stolen as a result of data breaches in 2019 alone, this has to change.

Security awareness programmes remain a powerful, yet underutilised tool to inspire organisations to stay security-focused and engage teams to do their part in the fight against vulnerable code. With the right security awareness programme, you can effectively bridge the gap between the AppSec and dev cohorts, fostering a positive and collaborative culture to achieve common goals and create a better standard of software.

11:30 am - 12:30 pm
Auditorium

Secure Coding Best Practices

Matthew Butler
Principal Engineer, Laurel Lye

Computer systems are under siege 24 hours a day, day in and day out. The critical security infrastructure designed to protect those systems, won't. The other side has the best security hardware and software systems other people's money can buy and they have all the time in the world to find creative ways to defeat them. Meltdown and Spectre are prime examples of security vulnerabilities that have lurked dormant for decades. Or have they? If your systems are in any way connected to the outside world, the other side will get inside the wire on you. Know that going in.

Whether you write applications, libraries or work in kernel code, the line of code you write today may very well be the vulnerability someone else finds tomorrow. By nature, every code base contains hundreds of attack surfaces and it only takes one serious vulnerability to compromise your system.

In this talk we'll see:

* How hackers think and how they identify weaknesses in our systems.
* How to identify hidden attack surfaces, attack vectors and vulnerabilities in critical systems.
* Where the most common vulnerabilities in modern software development are and how to avoid them.
* Why common guidelines and static analysis tools often fail to find vulnerabilities.
* How to use Threat Modeling to analyze complex systems and build security into our systems at design time.
* How to use Trust Boundaries to protect critical infrastructure.
* Why open source and third-party libraries are fast becoming hidden liabilities in our software and how to protect ourselves against their vulnerabilities.
* What the best practices for protecting our code from attack are.

The critical security infrastructure designed to protect your systems is largely out of your control. The one thing you can control is the next line of code you write. This talk is for anyone who writes kernel code, applications or libraries that run in the real world and that face real-world attacks.

In today's world, that's all of us.

12:30 pm - 1:15 pm
Auditorium

How secure is secure enough? Designing for Security with Threat Modeling

Avi Douglen
Founder & CEO, Bounce Security

We’ve all been there – we’ve each spent too much time and resources on security, but 3 months later we still get breached anyway. “But we followed all the ‘Best Practices’!” your developers cry.

In this flash intro to secure software design, AviD will show why every software development process should start with Threat Modeling, and how to efficiently get security to contribute to the bottom line.

1:15 pm - 1:45 pm
Solution Zone

Visit the virtual booths and meet the experts

1:45 pm - 2:15 pm
Auditorium

Code Security: Let’s Put Fears Aside and Learn Cool Things

Nicolas Bontoux
VP of Marketing, SonarSource

Fears... It’s as if they sometimes rule the security market... If you don’t follow secure development practices, then your users’ personal data might get stolen... If you don’t do ‘DevSecOps’, then your app will be vulnerable and might get hacked... No doubt Application Security is an important topic, but is bringing up risks and fears really the best way to get development teams to care about secure coding practices?

In this talk we will go through a different approach, a more powerful one: empowering developers. Developers love learning best practices; they constantly seek to improve their code. By tightly coupling security tooling with developers’ workflow, you do more than mitigate risks and fears: you give your development team an opportunity to be more engaged, to truly understand the security of their code, and to continuously get better at keeping it secure.

As you join this session, leave fears on the side, and come feel the good vibes of developer-led code security! It’s about developers learning and growing, it’s about teams maximizing their impact.

2:15 pm - 2:45 pm
Auditorium

An introduction to cloud native security with containers

Michael Hausenblas
Developer Advocate, AWS

In this session we will review the pillars of cloud native security in the context of containerized workloads. We will cover topics such as securely building container images, runtime security, authentication and access control in Kubernetes, network traffic control, and secrets.

Secure Coding and Vulnerabilities

Dr. Nikki Robinson
Cyber Security Engineer, XLA
Alan Shimel
Founder & CEO, MediaOps Inc.
Ken Underhill
Master Instructor, Cybrary
Dr. Philip Kulp
Doctoral Chair and Mentor, Capitol Technology University

In this panel, the panelists will discuss different code attack vectors, including the OWASP Top 10. They will also discuss the importance of static, dynamic, and software composition analysis to help mitigate vulnerabilities in our code.

3:30 pm - 4:00 pm
Auditorium

Threat Modeling vNext

Simone Curzi
CyberSecurity Principal Consultant, Microsoft

Threat Modeling is one of the best tools for Security and has been adopted successfully by various companies around the globe, including Microsoft. Even though it has proven to be a very effective approach, it has not shone for efficiency and has improved only so much compared to other development methodologies over the last years.

All those problems have been reason enough to limit its adoption. It is past time for change. It is time to make Threat Modeling the flexible, integrated, automated and customizable process you need. Please meet Threat Modeling vNext!

4:00 pm - 4:30 pm
Auditorium

Deep dive container security (policies, access control & managing sensitive data)

Michael Hausenblas
Developer Advocate, AWS

In this hands-on session we dive deep into three areas of container security that deserve special attention, namely policies and their enforcement (Kubernetes network policies and OPA), access control (RBAC and general purpose IAM), as well as options for how to deal with sensitive data (Kubernetes secrets, AWS Secrets Manager, Vault).

register

Reserve your spot now! Can’t make the live date? No worries! Register now, and we’ll send you the replay link after the event.




MediaOps, the company behind leading technical communities such as DevOps.com, Container Journal, Security Boulevard, DevOps TV and Digital Anarchist, along with its premier sponsor, WhiteSource, is proud to present the Secure Coding Virtual Summit. Secure Coding is the industry’s first truly immersive conference focused on Application Security, thereby equipping organizations with the right mindset and tools to shift security as far left as possible: The Coding Phase.

MediaOps virtual events take place in the unique virtual reality conference environment. Not your typical series of strung together Google Hangouts, every one of our virtual summits is a true live conference, replete with an actual theater to view the keynotes and presentations, a conference lobby to chat and socialize, a real virtual expo floor with exhibitor stands and booths, equipped with videos, downloadable assets, and even prizes for you to win.

Best part of the virtual summit — you can attend it from the comfort of your work desk, laptop or even your smartphone. No hotels, no airplanes, no travel, hence no traffic or parking garages. Simply log in and listen, learn, network and enjoy! Oh, and did we mention — it is all absolutely free.
