The Internet of Things (IoT) has revolutionized the way we interact with our environments, connecting billions of devices to enhance efficiency, convenience, and automation in various sectors such as healthcare, transportation, and smart homes. However, the proliferation of interconnected devices also introduces significant security challenges. IoT devices, often designed with limited computing resources, may lack robust security features, making them vulnerable to cyber-attacks. As IoT continues to expand, discovering and addressing its security vulnerabilities becomes paramount to safeguarding personal privacy and ensuring the resilience of interconnected infrastructures.

In this Tech Talk, Aaron Guzman and Luca Pascal Rotsch will present their OWASP IoT Security Testing Guide (ISTG) project. Version 1.0.0 of this guide was published on March 1, providing a comprehensive methodology for penetration testing in the IoT field. While the guide is mainly intended to be used by penetration testers, the resources it provides may also help manufacturers and operators of IoT devices to proactively improve the security of their devices. The project leaders will introduce and demonstrate current capabilities of the guide as well as share insights into what is planned.

Join the world’s brightest innovators, practitioners, and community leaders for a full day of in-depth training, discussions, strategy sessions, networking and more with a retro gaming twist!

AI-powered code generation tools like ChatGPT and GitHub Copilot have taken the development world by storm, promising increased efficiency and productivity. However, the security implications of AI-generated code cannot be overlooked. In this session, Jason Michael Perry, CTO of Mindgrub, will guide you through best practices and precautions when utilizing these powerful tools to ensure the security and reliability of your codebase.

Join Michael Krueger, Senior Director Application Security Services at NowSecure, as we delve into the most pressing challenges faced by customers in their Mobile AppSec programs. From balancing coverage and speed to validating findings from automated tools, our experts will provide practical solutions to help you navigate through the complexities of mobile application security such as:

• How to achieve comprehensive coverage while leveraging automation
• Tailoring manual and automated testing to business risks
• Ensure coverage for complex workflows with Guided Testing
• Upskilling web-centric teams into proficient mobile app pen testers

The OWASP MASVS and OWASP MASTG are industry leading standards that top mobile app security and development professionals rely on to ensure their apps are secured. How is the MAS Project continuing to evolve, and what does that mean for your mobile appsec programs?

Join February’s TechTalk, where Carlos Holguera, OWASP Mobile Application Security (MAS) Project Lead, will give insights on updates and changes to the OWASP Mobile Application Verification Standard (MASVS) in Version 2.1.0. Learn about the new risk scoring proposal, the new MASVS-PRIVACY category and controls, upcoming MASTG risks and atomic tests, Mobile Application Security Testing Guide (MASTG) new refactoring and mobile app security best practices as a whole.