Recap OWASP AppSec California 2017

The Open Web Application Security Project (OWASP) Los Angeles Chapter teamed up with the Orange County, Santa Barbara, and San Diego chapters to bring us the 4th Annual AppSec California Security Conference held at the Annenberg Community Beach House in Santa Monica, California, USA).

It was an opportunity to discuss security with security professionals, developers, penetration testers, QA, and testing professionals from the US and worldwide.

Jscrambler was a sponsor at OWASP AppSecUSA 2016 in Washington last October but was a first-time contributor in AppSec California. We have to say we were truly impressed by its dimension, considering we’re talking about a regional event. We found it a rewarding experience, not only for its different spin but also for being hosted right at the beach!

If you couldn't attend OWASP AppSec California 2017, don’t worry. All sessions were recorded, which will be posted on the OWASP YouTube channel. In the meantime, take a look at our key insights from the event:

Application Security made a splash

At the 2-days conference, we had the chance to watch some great presentations as the program was composed of 23 talks thoroughly chosen from more than 87 that were submitted.

Our CTO, Pedro Fortuna, was invited to speak at this edition and explained the types of attacks and threats that organizations are facing on the client-side of web applications and what should be done to preserve their integrity.

The talk was at the Garden Terrace Room and drew the interest of dozens of people working both in web development and security.

Pedro demonstrated some attack scenarios and how to avoid them to make sure web applications behave exactly as they were designed. Since more and more of an app's logic is transferred from server-side to client-side, organizations need to focus much more on security and applications need to be protected in a more comprehensive manner.

The feedback from the audience was extremely positive and it was made clear to everyone that there’s a lot to be done when it comes to client-side application security especially since, to date, companies have been focused on the threats via the server and have paid little attention to the hidden dangers of tampering on the client-side.

Jscrambler Booth & Demos

There were several companies represented in the Vendor Expo. Jscrambler was at Booth #22 discussing security and demoing its technology to an audience of developers, security, and tech professionals.

The Jscrambler team had the opportunity to speak with numerous individuals and organizations about topics such as client-side RASP (Runtime Application Self-Protection), JavaScript Application Security, MiTB, and DOM-tampering attacks.

Sun, sand, and security

It’s easy to understand the organization’s efforts to avoid the relocation of this event.

The landmark Marion Davies House was the perfect choice for the great Opening Reception where attendees had the chance to network while listening to the waves.

The place is terrific and the food was great which made the place crowded, clearly an indicator of the success of the event.

OWASP AppSec California Brings Diversity to the Beach

Huge thanks to the local OWASP AppSec California 2017 organizing team for delivering such a stimulating conference!

Once again, it was a pleasure to sponsor the premier application security conference for developers and security experts, share knowledge and experiences about secure systems and secure development methodologies, and contribute to building security awareness in the Southern California community.

We look forward to the next one!