Skyler Berg, Application Security Engineer

Skyler Berg is a code writer, bug finder, and application defender. At DocuSign, Skyler drives continuous improvement of the company’s application security posture. To do this, he pentests, creates security libraries, and builds security-focused data analysis tools. Some of his professional interests include increasing visibility into production applications and automating security in a continuous delivery environment. As a bug bounty hunter, he trawls the Internet for vulnerabilities for swag, profit, and fun. His favorite bounty reward so far is a fancy pair of socks. Skyler is passionate about education, having presented on various topics in information security and software development at universities. He is also an open source enthusiast who has contributed to Salt, OpenStack, Redox, and other ecosystems.
Sufficient Web Application Security Monitoring
OWASP added insufficient logging and monitoring to the top 10 web application security risks last year. This raises the question: what does sufficient logging and monitoring look like? Tools such as an IDS/IPS or a WAF lack the context necessary to understand your web applications. Getting insight into the security of an application requires thinking like a developer. By integrating with developer tools, we can build a robust web application monitoring program that provides benefits for the entire organization. This talk will cover how to get started collecting telemetry from web applications. After this groundwork, we will build out our application security playbook with an emphasis on identifying simple and highly reliable indicators of attacks or compromises. Finally, we will move on from the technical challenges to a discussion of how your organization can respond to your findings. Bringing it all together involves not just information security, but also software development and operations.
