
Randall Degges
Head of Developer Relations & Community
Bend, Oregon, United States
Randall runs Developer Relations & Community at Snyk, where he works on security research, development, and education. In his spare time, Randall writes articles and gives talks advocating for security best practices. Randall also builds and contributes to various open-source security tools.
Randall's realms of expertise include Python, JavaScript, and Go development, web security, cryptography, and infrastructure security. Randall has been writing software for over 20 years and has built a number of popular API services and open-source tools.
Topics
Password Hashing - From Zero to Hero
Storing passwords securely isn't as easy as you might think. In this talk you'll learn everything there is to know about password hashing: how it works, what algorithms to use, how those algorithms work, and how to handle the ever-changing threat landscape.
In particular, you'll learn all about the history and evolution of password hashing algorithms, how they're compromised, and how the cryptography community has evolved in their approach over the years.
By the end of this talk you'll be extremely knowledgeable about password security and will know *exactly* what to do to improve password security in applications you develop.
An Introduction to PASETO Tokens
JSON Web Tokens (JWTs) have become ubiquitous in the web authentication landscape over the last four years. In this talk, I'll introduce you to their successor: PASETO tokens (platform agnostic security tokens).
Accelerate with Confidence: Integrating Security into High-Velocity Development with Atlassian
As generative AI accelerates software development at an unprecedented pace, the need to prioritize security from the start has never been more critical. For senior engineers and engineering leaders, balancing speed with security is essential to ensure that development practices scale smoothly and safely. In this talk, we’ll explore how world-class engineering teams are adapting to this fast-paced environment by embedding security seamlessly into their workflows, leveraging the power of Snyk and Atlassian.
We’ll discuss how Snyk’s vulnerability detection and remediation tools integrate directly with Atlassian’s suite, creating a robust framework where security is embedded at every stage of the development lifecycle. By integrating with Atlassian tools like JIRA, Bitbucket, Compass, and Confluence, Snyk enables teams to find and fix vulnerabilities with minimal friction, allowing developers to prioritize security without sacrificing velocity.
The session will also cover how Atlassian’s platform enables distributed teams to build software at scale, fostering collaboration while ensuring that secure coding practices are consistent and measurable across the organization. Attendees will gain insights into how to implement a security-focused development pipeline that both enhances productivity and mitigates risk, positioning their teams to deliver secure, high-quality software at scale.
TAKEAWAYS
- Learn strategies for integrating security seamlessly into fast-paced development cycles driven by generative AI.
- Discover how Snyk’s vulnerability detection tools and Atlassian’s suite streamline secure development at scale.
- Gain insights into enabling distributed teams to maintain high security standards while building software rapidly and collaboratively.
12 Factors of Pain and Suffering
Interested in seeing how an experienced developer falls short in the real world? In this talk, you'll learn, laugh, and cry at all the ways a professional developer has screwed up -- in production. Along the way, you'll discover the joys of the 12-factor application and its guiding principles.
JSON Web Tokens Suck
JSON Web Tokens (JWTs) are all the rage in the security world. They’re becoming more and more ubiquitous in web authentication libraries, and are commonly used to store a user’s identity information.
In this talk Randall Degges, Head of Developer Advocacy at Okta, will take you on an extensive tour of the web authentication landscape. You’ll learn how JWTs and Sessions work, and why JWTs are the worst possible solution for solving web authentication problems.
You’ll also learn the real reason behind JWTs’ rise to fame, and better ways to secure your websites that don’t involve misplaced hype.
Useful Cryptography, An Introduction
Cryptography is often thought of as a scary topic, but it doesn't have to be. In this talk, you'll learn about different types of useful cryptography, how they work (without needing a PhD in mathematics), and how to immediately start applying these concepts in your projects.
Building Fast, Building Safe: Using AI-Powered Coding Assistants for Secure Development in Atlassian
In a fast-evolving software landscape, AI-powered coding assistants are revolutionizing the way developers work, enabling them to ship code faster. In this talk, we’ll dive into practical ways developers can integrate AI into their daily workflows to not only accelerate development but to also make security a proactive part of the process.
Join us as we explore the powerful intersection of AI, DevOps, and security tooling with Snyk’s modern AI vulnerability detection and remediation tools. Learn how to plug Snyk directly into Atlassian’s ecosystem—such as Bitbucket for automated scanning, JIRA for tracking, Atlassian Pipelines for continuous security monitoring and Compass to view security alerts and metrics for your components. You’ll walk away with insights into how AI-driven security tools can assist you in identifying and remediating vulnerabilities in real-time, seamlessly within your IDE, CI/CD pipelines and scorecards.
Through practical examples and live demos, we’ll demonstrate how to set up these integrations to get the best of both worlds: rapid innovation and robust security. Whether you’re new to AI coding assistants or looking to deepen your AI skills within the Atlassian ecosystem, this talk will provide a roadmap to building faster—and safer—software.
TAKEAWAYS
- Understand how AI-driven coding assistants can accelerate development without sacrificing security.
- Learn to implement Snyk’s AI-powered vulnerability detection and Atlassian tools like Bitbucket, JIRA, Compass and Atlassian Pipelines for secure, efficient workflows.
- Gain practical knowledge for creating a developer workflow that supports both speed and security, with AI as your teammate.
Blueprint for Success: Building a Scalable, Integrated Application Security Program with Atlassian
In today’s fast-paced digital landscape, building a scalable and effective application security program is critical—and challenging. For senior engineering and security leaders, the need to proactively manage vulnerabilities across a complex infrastructure requires a clear strategy, robust tools, and cross-functional alignment. This session provides a comprehensive blueprint for developing and scaling a modern application security program using AI-driven security tools like Snyk, seamlessly integrated within Atlassian’s ecosystem.
We’ll explore practical strategies to build security into development processes without slowing down innovation. Leveraging Snyk’s advanced vulnerability detection and remediation capabilities, we’ll show how to create an automated, secure pipeline that integrates directly into Atlassian tools. Using JIRA for vulnerability tracking and Compass for visualizing key security metrics, we’ll demonstrate how to create real-time, security-focused dashboards that not only track vulnerabilities but also showcase team performance against security goals.
Attendees will gain insights into how to leverage these integrated workflows to achieve organization-wide visibility, foster cross-functional collaboration, and drive continuous improvement in security practices. Join us to learn best practices for launching or refining your organization’s application security program, with real-world examples of how to empower teams to own and act on security in every phase of development.
TAKEAWAYS
- Learn best practices for building a scalable, integrated application security program in a modern organization.
- Discover how Snyk and Atlassian tools like JIRA and Compass can streamline vulnerability tracking, visibility, and collaboration across teams.
- Understand how to create security-focused dashboards to measure program success, team performance, and track continuous improvement.