Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY
Steven Wierckx

Steven Wierckx
Consultant, Toreon


Steven Wierckx is a software and security tester with 20 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his passion for web application security through writing and training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He’s the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. He spoke at Hack in the Box Amsterdam, hosted workshops at BruCON and DevSecCon (UK) and delivered threat modeling training at OWASP AppSec USA, OWASP AppSec Israel, BruCON and O’Reilly Security New York.


9:00am - 5:00pm Sunday, October 29 & Monday, October 30
Tools and processes
Location: Gibson
Steven Wierckx (Toreon)
Drawing on real-world use cases—including hotel booking web and mobile applications that share the same REST backend, an internet of things deployment with an on-premises gateway and secure update service, and an HR services OAuth scenario for mobile and web applications—Steven Wierckx walks you through performing practical threat modeling and discusses privacy threats and privacy by design. Read more.
9:00am–5:00pm Monday, October 30, 2017