Recap OWASP AppSec California 2017

The Open Web Application Security Project (OWASP) Los Angeles Chapter teamed up with the Orange County, Santa Barbara and San Diego chapters to bring us the [4th Annual AppSec California Security Conference](/ "target="_blank) (held at the Annenberg Community Beach House in Santa Monica, California, USA).

It was an amazing opportunity to discuss security with security professionals, developers, penetration testers, QA and testing professionals from across the U.S. and around the world.

Jscrambler had already been a sponsor at OWASP AppSecUSA 2016 in Washington, last October, but was a first-time contributor in AppSec California. We have to say we were truly impressed by its dimension, considering we’re talking about a regional event and we definitely found it a rewarding experience, not only for its different spin but also for being hosted right at the beach!

If you were unable to attend OWASP AppSec California 2017, don’t worry. All of the sessions were recorded, which will eventually be posted on the OWASP YouTube channel. In the meantime, take a look at our key insights from the event:

At the 2-days conference, we had the chance to watch some great presentations as the program was composed by 23 talks thoroughly chosen from more than 87 that were submitted. Our CTO, Pedro Fortuna, was invited to speak at this edition and explained the type of attacks and threats that organizations are facing on the client-side of web applications and what should be done to preserve their integrity.

The talk was at the Garden Terrace Room and drew the interest of dozens of people working both in web development and security. Pedro demonstrated some attack scenarios and how to avoid them to make sure web applications behave exactly as they were designed. Since more and more of an app's logic is transferred from server-side to client-side, organizations need to focus much more on security and applications need to be protected in a more comprehensive manner.

The feedback from the audience was extremely positive and it was made clear for everyone that there’s a lot to be done when it comes to client-side application security especially since, to date, companies have been focused on the threats via the server and have paid little attention to the hidden dangers of tampering on the client-side.

There were several companies represented in the Vendor Expo. Jscrambler was at Booth #22 discussing security and demoing its technology to an audience of developers, security and tech professionals. The Jscrambler team had the opportunity to speak with numerous individuals and organizations about topics such as client-side RASP (Runtime Application Self-Protection), JavaScript Application Security, MiTB and DOM-tampering attacks. If you would like to know more about what we’ve shown there, do contact us [here](mailto:[email protected] "target="_blank).

It’s easy to understand the organization’s efforts to avoid the relocation of this event. The landmark Marion Davies House was the perfect choice for the great Opening Reception where attendees had the chance to network while listening to the waves. The place is terrific and the food was great which made the place crowded, clearly an indicator of the success of the event.

To recap the event, [Selena Templeton](/selenatempleton "target="_blank) highlighted the Women in Security panel which was among the most highly attended, a clear indication that this topic resonates strongly with both women and men. Check it out here:

Huge thanks to the local OWASP AppSec California 2017 organizing team for delivering such a stimulating conference! Once again, it was a pleasure to sponsor the premier application security conference for developers and security experts, share knowledge and experiences about secure systems and secure development methodologies and contribute to building security awareness in the Southern California community. We look forward to the next one!