5:00 ÖS - 6:00 ÖS (UTC)

In this session Ray Kao will share an overview of GitHub Advanced Security key features including code scanning, secret scanning, and supply chain security.

5:00 ÖS - 6:00 ÖS (UTC)

Join us as Lindsey Bocatto and Dan Shanahan highlight the latest AI-powered features in GitHub Advanced Security.

5:00 ÖS - 6:00 ÖS (UTC)

In this session, learn how to set up GitHub Advanced Security into your GitHub and Azure DevOps pipelines to keep your developers engaged and ensure security throughout your development cycles.

2:00 ÖS - 6:00 ÖS (UTC)

This session will showcase GitHub's new AI-powered application security testing capabilities and cover how Microsoft views the code to cloud security synergy between GitHub Advanced Security and Defender for Cloud. The event will include educational sessions and hands-on labs. Participants will have the opportunity to connect with each other, elevate their expertise, and enhance their development capabilities. Agenda: GitHub AI-powered application security testing Code to cloud security with GitHub and Microsoft Hands on lab: strategically roll out your security program with GHAS and Defender for Cloud.

5:00 ÖS - 6:00 ÖS (UTC)

In this session, Andrew McCoy will show how you can meet your regulatory requirements by enforcing compliance standards and security policies with GitHub Advanced Security.

5:00 ÖS - 6:00 ÖS (UTC)

In this talk we provide a brief walk-through using Copilot to aid in detecting and fixing security vulnerabilities in source code. Topics covered include: A basic introduction to improving SDLC security using IDE and local environment tools Detecting OWASP Top 10 style vulnerabilities in an example application Remediating detected issues Creating .gitignore files to prevent environment files being committed Looking at how GHAS can be combined with Copilot to improve security further.

5:00 ÖS - 6:00 ÖS (UTC)

Developers deserve the chance to do the right thing. Leadership doesn’t always make it so easy. But in the face of mounting regulations and an ever-changing landscape of application security risks, the opportunity to turn obstacles into opportunities has never been more evident. This week’s guests are industry leaders in the field of software governance. Caleb Queern is the Managing Director of Cybersecurity at KPMG. Michael Edenzon is the Co-Founder and CEO of Fianu, and previously served as the Director of DevOps at PNC Bank. In 2022, Michael and Caleb co-authored the business novel Investments Unlimited, a fictional story about a bank’s journey toward automated governance. What began in 2019 as an industry-led whitepaper has become a movement encompassing AppSec, DevOps, and software supply chain security. At the heart of this movement are platforms like GitHub Advanced Security and Fianu. Caleb and Michael will tell the story of automated governance, the successes and pitfalls of large enterprises that aim to implement it, and how the principles of flow, fast feedback, and continuous improvement can be preserved so that you and your organization can thrive amidst an ever-growing landscape of rules and regulations. Learn more about the series!

5:00 ÖS - 6:00 ÖS (UTC)

In this session, we’ll explore the hidden risks that threaten APIs and delve into vulnerabilities within your codebase. From scanning OpenAPI specs to dynamic testing, we’ll equip you with practical strategies to harden your APIs against attacks. Discover how to seamlessly integrate security practices into your DevOps pipelines. Let’s build a robust shield together! Don’t miss this opportunity to enhance your API security expertise.

5:00 ÖS - 6:00 ÖS (UTC)

Developers invest a lot of time and effort into their code, making sure it safely delivers innovation and value to users. Unfortunately, a lot of that effort is wasted investigating security findings that ultimately represent no risk to the application. With the GitHub Advanced Security integration, Endor Labs enables development teams to establish efficient, automated processes to deliver software while eliminating 80% of the security noise that wastes developer time.

5:00 ÖS - 6:00 ÖS (UTC)

Find vulnerabilities earlier, ship software faster. These are the good intentions behind the drive to shift application security workflows from security teams to developers: a “shift left” move in the software development lifecycle. But does it really work? Hear from leading experts on how AI can help automate security work and make it more developer-centric, topics will include: Secure open source and LLM selection Prioritize risk based on what is reachable and exploitable Remediate at scale without context switching

5:00 ÖS - 6:00 ÖS (UTC)

Description: The rapid adoption of frameworks, DevOps, CI/CD, and agile processes has increased the velocity at which development teams can iterate and deliver, outpacing security teams' ability to address issues. The introduction of GenAI has exacerbated this problem by further increasing delivery velocity and requiring more APIs to interact with AI. In this session, Scott Gerlach will discuss how to ensure your code is protected in a GenAI-driven software development environment.