Recommended Conference Talks

How Leading Companies are Scaling Their Security

A collection of practical, actionable security automation pro-tips, based on an extensive survey of existing DevSecOps research combined with in-person conversations with AppSec engineers at companies with mature security programs.

Slides and Video

Lessons Learned from the DevSecOps Trenches

Clint moderated a panel of AppSec professionals experienced in security automation, who discussed their lessons learned, best practices, mistakes they’ve made, and more. Panel members included senior security leaders from Dropbox, Netflix, Datadog, DocuSign, and Snap.

Video

DevSecOps State of the Union

Summarizes and distills the unique tips and tricks, lessons learned, and tools discussed in a vast number of blog posts and conference talks over the past few years, and combines them with knowledge gained from in-person discussions with AppSec engineers at a number of companies with mature security teams. This talk references 40 other excellent talks in 30 minutes.

Slides and Video

Automated Bug Finding in Practice

A nice introduction and overview of automated bug finding techniques, covering the strengths, weaknesses and best use cases for leveraging several approaches. We discuss static and dynamic taint analysis, symbolic execution, fuzzing, and combining symbolic execution and fuzzing.

Slides and Video

About Us

Clint Gibler

Clint is a co-founder of Practical Program Analysis, LLC. By day, Clint is a Technical Director at NCC Group, a global information assurance specialist providing organizations with security consulting services. He’s helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups.

Clint has previously spoken at conferences including BlackHat USA, AppSec USA, and AppSec EU. Clint holds a Ph.D. in Computer Science from the University of California, Davis.

Daniel DeFreez

Daniel is also a co-founder of Practical Program Analysis, LLC. By day, Daniel is a Ph.D. student at the University of California, Davis, where his research focuses on developing program analysis techniques to find bugs in the Linux kernel.

Our Philosophy

We believe that security professionals have a moral obligation to build systems that are safe by default, respect privacy by default, and cannot be used for surveillance or censorship.

We share our research publicly, because that’s the best way for the industry to move forward. Together.

We believe that security tools can be fast, intuitive to use, and make intelligent security professionals vastly more productive.

We believe that security tools should be accessible to a broad audience, not prohibitively expensive, and should be designed with extensibility and customizability in mind.

Finally, we find joy in understanding the core of how and why things work, prototyping wacky tool ideas simply because we can, and doing our best to leave a positive mark on the world.

Keep in Touch

We write about:

  • Application security, scaling security and DevSecOps.
  • Automated bug finding (static and dynamic analysis, fuzzing, etc.)
  • Summaries of current security research, from industry and academic conferences.
  • Evaluating open source and commercial security tools - tips and tricks on using them, how they work, and potential gotchas.
  • How to build your own custom security tools.
