Last month, I attended the two day AppSec Days Pacific Northwest Conference presented by OWASP Foundation.
On the first day, I started off attending a talk on the tradeoffs of static code analysis.
After a short break, I went to a talk on how to reverse engineer an undocumented API, in which I learned about the HTTP Archive (HAR) file, which can be used to log all of a user’s activity on a site.
Later on, we had a lunch break and I took the opportunity to meet and network with some fantastic security professionals in the industry.
In the afternoon, I attended a great session on AI and cybersecurity and how ChatGPT can be used to generate bots that help with red teaming applications. Super interesting topic and everyone was very engaged the whole time!
On the second day, I attended a workshop where I learned about finding vulnerabilities in code. One thing I took away from this workshop is the concept of sources and sinks. Starting from the sink, which is the point of use of input, we can work backwards to the source and determine in what ways is the application vulnerable.
All in all, I thoroughly enjoyed the conference and am looking forward to the next time it returns to Vancouver!