When we first held AppSec DC in 2009, I had just come back from a two-year jaunt (job-wise) away from the world of information security. I’d long been a proponent of the idea that Washington DC should have the best Information Security community in the world. I didn’t want to lose touch with either the DC or the greater InfoSec community while I was dabbling in online collaboration and presence, so I made a point of focusing on participating in the community outside of work, and became active in a variety of meet-ups and organizations across different technology sectors. AppSec DC was a chance to try to cross boundaries, and get people from many different communities talking in the same conversation about Application Security.
One of the important missions that the OWASP board charged us with for the first AppSec DC was to reach out to the federal government, to try to establish channels for dialog, and put forth all that OWASP has to offer. Even though it is based in the DC locale, the US Government has national and global implications in everything it does, so that’s not an insignificant mission. In working with our team putting the conference together, I realized two things: that although reaching out to the government would be a long-term project, it was absolutely imperative in the emerging threat environment, but also that there are a lot of people in DC outside of the federal government who also are having an amazing impact on technology, with much further reaches than just the surrounding area, and that we should include them as well.
AppSec DC is now in its third iteration, and over the past three years, we have tried to make inroads with many parties in DC and beyond who should be involved in this dialog. We’ve solidified reaching out to the government, but we’ve also worked on reaching out to the startup and web community in DC. The Washington DC Metropolitan area has been a tech leader since the first dotcom boom, and even with hard economic times, the area is generating startups, new companies, and talent at an astonishing rate. To reflect that in our content, Dan Geer, CTO of In-Q-Tel, a government incubator for innovative research and development, will be keynoting our conference this year. Ken Johnson and Matt Ahrens from Living Social will be discussing how they implemented Application Security in an environment with 1500% growth in less than two years, and Neil Matatall from Twitter will be talking about an OWASP project he leads that helps developers write more secure code. Mobile applications are driving a lot of the next generation of the Internet. We will also have Jeff Six, O’Reilly author of “Application Security for the Android Platform,” as well as an entire track on Mobile Application Security, and training on a variety of topics that assist developers in all environments, be it how to develop secure mobile apps, assess apps, or just how to code securely in general.
This year, we are also trying to recognize a change that is happening inside of OWASP. In the past year, a need for an ampersand between the “Web” and “Application” has been made blatantly obvious. OWASP has long been generating content where 95% of it applies to all fields of application security, but some have dismissed it because of the word “Web” in the title. In an effort to support getting our message out to all application security practitioners, this year AppSec DC has expanded our offerings to include the world of Critical Infrastructure & Control Systems. We’ll be featuring presentations on how Application Security affects Smart Grid/AMI, ICS, and other pieces of Critical Infrastructure.
While the scope of the conversation and its impact is increasing, we can’t really grow that dialog without more participants. We would like you to bring your voice to the table. As a non-profit, OWASP provides the training and conference at a fraction of the cost of comparable industry events, with ease of access at a state-of-the-art facility in downtown DC. We hope that you will be able to join us this year, and for many years to come.