Schedule

Talks

A Static Tainting Analysis Method for Aspect-Oriented Programs   Evan Dygert
An Agile Framework for Building GDPR Privacy and Data Protection Requirements into SDLC   Farbod H Foomany
An Investigation into the Differences Between Web Application Scanning Tools when Scanning for XSS and SQLi   Robert Feeney
An Overview of API Underprotection   Richard Taylor
Androsia: A tool for securing in memory sensitive data   Samit Anwer
Application Security Threat Attack Modeling (ASTAM)   Christopher Horn
Automating TLS Configuration Verification on the Back-End of the Web Application Stack   Steven Danneman
Beyond End-to-End Encryption: Threats Models For Secure Messaging   Joël Alwen
Beyond Takeover – Attacker’s in. Now what?   Itsik Mantin
Black-Box Approximate Taint Tracking by Utilizing Data Partitioning   Boris Chen
Bug Bounty Programs: Successfully Controlling Complexity and Perpetual Temptation   Cassio Goldschmidt
Building Secure ASP.NET Core MVC Applications   Niels Tanis
“Capture the Flag” for Developers: Upping your Training Game   Mark Hoopes
Common Developer Crypto Mistakes (with illustrations in Java)   Kevin Wall
Cookie Security – Myths and Misconceptions   David Johansson
Crafting the next-generation Man-in-the-Browser Trojan   Pedro Fortuna
DASTProxy: Don’t let your automated security testing program stall on crawl. Instead focus on business context.   Kiran Sharadkumar Shirali
Embedding GDPR into the SDLC   Sebastien Deleersnyder
Enhancing Physical Perimeter Defense Using SDR   Yitao Wang
Federated Login CSRF   Murali Vadakke Puthanveetil
Friday the 13th: Attacking JSON   Alvaro Munoz
Handling of Security Requirements in Software Development Lifecycle   René Reuter
How To Approach InfoSec Like a Fed(eral Auditor)   Scott Cutler
How to spot and stop a wolf in sheep’s clothing (a.k.a Account Takeover)   Nick Malcolm
iGoat – A Self Learning Tool for iOS App Pentesting and Security   Swaroop Yermalkar
Juggling the Elephants – Making AppSec a Continuous Program   Tony Miller
Making Vulnerability Management Less Painful with OWASP DefectDojo   Greg Anderson
Measuring End-to-End Security Engineering   Davit Baghdasaryan
Monitoring Application Attack Surface and Integrating Security into DevOps Pipelines   Dan Cornell
Moving Fast and Securing Things   Fikrie Yunaz
Overcoming Mobile App Security Challenges with DevOps   Brian Lawrence
Popular Approaches to Preventing Code Injection Attacks are Dangerously Wrong   Matt Russell
Practical Dynamic Application Security Testing within an Enterprise   Nicholas Doell
R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections   Hsien-De Huang (tonton)
ReproNow: Save time Reproducing and Triaging Security bugs   Vinayendra Nataraja
SecDevOps: Building a Secure DevOps Pipeline   Matt Tesauro
Securing C code that seems to work just fine   Jonathan Foote
SPLC as a Service   Julia Knecht
Supply Chain Anarchy – Trojaned Binaries in the Java Ecosystem   Jeff Williams
Test Driven Security in the DevOps pipeline   Julien Vehent
There’s a new sheriff in town; dynamic security group recommendations with Grouper and Dredge   Kevin Glisson
This Old App, a guide to renovating apps for the cloud   Christian Price
Top 10 Security Best Practices to secure your Microservices   Chintan Jain
WAFs FTW! A modern devops approach to security testing your WAF   Zack Allen
What We Learned Remediating XSS in GitHub Open Source Projects   Mike Fauzy
When Molehill Vulnerabilities Become Mountainous Exploits   Matt Rose

 

Trainings

Advanced SQL Injection Exploitation   David Caissy
AppSec Fundamentals   Chris Romeo
AppSec Safari: Advanced XSS Exploitation Techniques   Mark Hoopes
Cyber Ninjas – Burp Plugin Development   Douglas Logan
Defensive Application Security Program – Training   Rafael Brinhosa
Defensive Web Security with ModSecurity: A practical approach   Victor Hora
Hands On Hardened Web Service Development using ASP.NET   Kelly Correll
Hands-on Security in DevOps and Application Security Automation Workshop   Abhay Bhargav
Mitigation for OWASP Top 10 2017 A7 Insufficient Attack Protection using OWASP AppSensor   Juan Carlos Calderon
Mobile App Attack   Sneha Rajguru
Open Source Defensive Security   Leszek Miś
Practical DevOps Security and Exploitation   Suraj Biyani
Practical Hands-on Internet of Things Hacking – 2017 Edition   Aditya Gupta
Whiteboard Hacking aka Hands-on Threat Modeling   Sebastien Deleersnyder