
2017 BASC Homepage

Revision as of 00:44, 9 October 2017 by Tom Conner (talk | contribs) (Keynotes)

Platinum Sponsors

Black Duck Software MIT Lincoln Laboratory Veracode

Gold Sponsors



Silver Sponsors

Qualys bugcrowd

Sponsorships are available: See Sponsorship Kit
Please help us keep BASC free by viewing and visiting all of our sponsors.


This is the homepage for the 2017 Boston Application Security Conference (BASC). *Note that the conference will be free but training and workshops may incur a fee*. Conference will take place 8:30am to 6:30pm on Saturday, October 14th at

The BASC will be a free, one-day, informal conference, aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide array of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time.


Please Register Now

Registration is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited.


Writing Code to Save the World

Chris Poulin, Booz Allen Hamilton


Every application that you create, every line of code that you type, has the potential to do good or cause harm. Your app may allow banks to transfer funds used to find a cure for cancer, optimize processing of food so that it's affordable to the poor and starving, and even an instant messaging app--ostensibly just a social distraction--can allow repressed citizens to mount a revolution. At the same time, a single line of poorly written code, or a mistake in the implementation of an authentication mechanism, can reroute millions of dollars away from a cancer research lab into the pockets of cybercriminals, allow terrorists to taint the food supply, or enable continued crimes against humanity by an autocratic regime. OWASP provides guidance on how to write more secure code, and you'll get plenty of training and hands-on practice at BASC; beyond coding hygiene, how can you solve the problem of security by writing applications that solve the larger problems? Chris Poulin explores the potential to not just write secure code, but to create apps that solve the bigger security issues.

Chris Poulin is Principal/Director in Booz Allen Hamilton’s Strategic Innovations Group, where he leads the Internet of Things security strategy in Booz Allen’s Dark Labs, as well as dabbles in Machine Intelligence. He joins BAH from IBM, where he led their X-Force research teams and built the first prototype Watson for cybersecurity. Despite his recent roles in large enterprises, he has an entrepreneurial background, having founded, built, and sold a boutique information security consulting firm, FireTower, Inc., and served as the Chief Security Officer for Q1 Labs, a startup in the Security Intelligence space. Chris started his security career in the U.S. Air Force over 30 years ago, where he managed global networks and developed software for the intelligence community.

All about You – the Cyber Security Professional

Candy Alexander, CISSP, CISM, Board of Directors, ISSA International


It is a fact that there is a lack of skilled resources to fill the demand of open jobs. Mainstream approaches used today focus on attracting new talent; however, there is no concerted effort on how we keep skilled people in the profession. Learn what can be used to get you what you need, when you need it, and how to become successful throughout your career.

Candy Alexander has nearly 30 years’ experience in security, working for various large high-tech companies. She has held several positions as CISO (Chief Information Security Officer), for which she developed and managed Corporate Security Programs. She is now working as a Virtual CISO and Executive Cyber Security consultant, assisting companies large and small to reduce their potential risks through effective security initiatives. Candy is the chief architect for the Cyber Security Career Lifecycle for the ISSA (Information Systems Security Association), and is a long-standing Director on the International Board. She is also the past President and Board Member of the ISSA Education and Research Foundation. Candy has also served as Vice President of Education and Vice President of International Relations for the ISSA. She remains a loyal member at the local level with the New England Chapter and the ISSA - New Hampshire Chapter.

Candy has received numerous awards and recognition, including that of Distinguished Fellow of the ISSA, ranking her as one of the top 1% in the association, and she was inducted into the ISSA Hall of Fame in 2014. She also had the opportunity to be a featured speaker for the IT Security Symposium at the United Nations, and received an invitation to the Offices of the White House to speak on the importance of security awareness to the President's "Cyber-Czar" staff.

The Details

OWASP Boston Chapter

BASC is presented by the OWASP Boston chapter.

You can find out more about this conference at the 2017 BASC Homepage
or by emailing [email protected]