2018 BASC Homepage


Platinum Sponsors

HackerOne Black Duck Software Optiv Veracode

Gold Sponsors

Checkmarx Dell Qualys nVisium GoSecure


Silver Sponsor


Please help us keep BASC free by viewing and visiting all of our sponsors.


This is the homepage for the 2018 Boston Application Security Conference (BASC). The conference will take place 8:30am to 6:30pm on Saturday, October 27th at

The BASC will be a free, one-day, informal conference, aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide array of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time.


Please Register Now

Registration is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited.

You may also register for one or more workshops, but workshop tickets are limited. Please be considerate of others and only register for a workshop if you plan to attend. If your plans change, please cancel your ticket to free the space up for others. Do not sign up for more than one session of the same workshop, or for workshops whose times overlap. If you do, conference organizers will cancel your ticket orders.


Secure By Design

Chris Wysopal, CA Veracode

As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company that is competing with software. Companies are pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. By necessity, software is more often assembled than it is created from scratch, as developers are more frequently incorporating open source libraries to speed up time-to-market. But as open source libraries increase, so does the number of vulnerabilities, resulting in increased risk. In this keynote Chris Wysopal talks about what it means to build software secure by design. He will describe how to build a software development process that has continuous security, is measurable, and is transparent.

Chris Wysopal is Chief Technology Officer at CA Veracode. He oversees technology strategy and information security. Prior to co-founding CA Veracode in 2006, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing. Chris is often called upon to download the latest Minecraft mods for his 6-year-old son. An avid photographer and nature-lover, Chris spends his free time hiking the many conservation trails near his home outside Boston.

Security at the Intersection of Software, Biology, and Science Fiction

Chris Poulin, BitSight Technologies


The Internet of Things has lured traditional developers into the realm of writing code for systems that interact with the physical world. The current wave of devices are largely consumer and industrial devices--things such as cars, thermostats, meters, and pumps--that have been connected to the internet. We've barely begun to understand the security ramifications of this pervasive network of sensors and actuators; what happens when we start connecting ourselves, humans, to the IoT?

Chris Poulin is a Principal Consulting Engineer at BitSight Technologies, guiding enterprises in assessing risk metrics and managing third-party relationships. He’s been in cybersecurity for almost 35 years, in both technical roles as a developer for the DoD intelligence community, and executive positions, such as CSO for Q1 Labs and CEO of his own boutique consultancy. He’s spent time in both the startup community and at established companies, such as IBM and Booz Allen Hamilton. Chris brings this breadth of experience to customers, clients, and the stage.


OWASP Boston Chapter

BASC is presented by the OWASP Boston chapter.

You can find out more about this conference at the 2018 BASC Homepage
or by emailing [email protected]