*AppSecUSA Presentations and Talks

== Thursday 25th Oct ==
=== 10:00 am - 10:45 am ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements ====

'''John Benninghoff''' | Developer | [https://www.owasp.org/images/7/7f/Building_Predictable_Systems.pdf Building Predictable Systems using Behavioral Security Modeling - PDF] 
|-
! scope="col" align="left" width="100%" |
==== Top Ten Web Defenses ====
'''Jim Manico''' | Mobile | [https://www.owasp.org/images/0/08/Top_10_Defenses_for_Website_Security.pdf Top 10 Defenses for Website Security - PDF] 
|-
! scope="col" align="left" width="100%" |
==== Mobile Applications & Proxy Shenanigans ====
'''Dan Amodio''' | Mobile | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ====
'''Alejandro Caceres''' | Reverse Engineering | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Gauntlt: Rugged by Example ====
'''Jeremiah Shirk''' | Rugged devops | Presentation not available 
|}

=== 11:00 am - 11:45 am ===

----

{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
'''Ryan Barnett''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ====
'''Sherif Koussa''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Cracking the Code of Mobile Application ====
'''Sreenarayan Ashokkumar''' | Mobile | [https://www.owasp.org/images/c/cd/Cracking_the_Mobile_Application_Code.pdf Cracking the Mobile Application Code - PDF]
|-
! scope="col" align="left" width="100%" |
==== Hacking .NET Application: Reverse Engineering 101 ====
'''Jon Mccoy''' | Reverse Engineering | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
'''Josh Corman''' | Rugged devops | [https://www.owasp.org/images/d/d5/Doing_the_Unstuck.pdf Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF]
|}

=== 2:00 pm - 2:45 pm ===

----

{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Hacking with WebSockets ====
'''Vaagn Toukharian''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Bug Bounty Programs ====
'''Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice''' | Developer | Presentation Not available
|-
! scope="col" align="left" width="100%" |
==== How we tear into that little green man ====
'''Mathew Rowley''' | Mobile | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ====
'''Jerry Hoff''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Put your robots to work: security automation at Twitter ====
'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | Presentation Not available 
|}

=== 3:00 pm - 3:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
'''Michele Orru''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ====
'''Shay Chen''' | Developer | [https://www.owasp.org/images/f/f5/The_Diviner_-_Digital_Clairvoyance_Breakthrough_-_Gaining_Access_to_the_Source_Code_%26_Server_Side_Memory_Structure_of_ANY_Application.pdf Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF]
|-
! scope="col" align="left" width="100%" |

==== Demystifying Security in the Cloud: AWS Scout ====
'''Jonathan Chittenden''' | Cloud | [https://www.owasp.org/images/0/0f/Demystifying_Security_in_the_Cloud.pdf Demystifying Security in the Cloud - PDF]
|-
! scope="col" align="left" width="100%" |
==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ====
'''Ofer Maor''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Rebooting (secure) software development with continuous deployment ====
'''Nick Galbreath''' | Rugged devops | Presentation not available
|}

=== 4:00 pm - 4:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Cross Site Port Scanning ====
'''Riyaz Walikar''' | Attack | [https://www.owasp.org/images/8/89/Poking_Servers_with_Facebook-Cross_Site_Port_Scanning.pdf Cross Site Port Scanning - PDF]
|-
! scope="col" align="left" width="100%" |
==== Analyzing and Fixing Password Protection Schemes ====
'''John Steven''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ====
'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== WTF - WAF Testing Framework ====
'''Yaniv Azaria, Amichai Shulman''' | Architecture | [https://www.owasp.org/images/0/00/OWASP-2012-WTF.pdf WAF Testing Framework - PDF]
|-
! scope="col" align="left" width="100%" |
==== DevOps Distilled: The DevOps Panel at AppSec USA ====
'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | [https://www.owasp.org/images/9/90/Corman_AppSecUSA_2012_DevOpsPanel.pdf DevOps Distilled - PDF]
|}

== Friday 26th Oct ==
=== 10:00 am - 10:45 am ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Effective approaches to web application security ====
'''Zane Lackey''' | Developer | [https://www.owasp.org/images/b/b4/Effective_approaches_to_web_application_security.pdf Effective approaches to web application security - PDF]
|-
! scope="col" align="left" width="100%" |
==== Why Web Security Is Fundamentally Broken ====
'''Jeremiah Grossman''' | Developer | [https://www.owasp.org/images/9/90/Web_Security_Fundamentally_Broken.pdf Why Web Security Is Fundamentally Broken - PDF]
|-
! scope="col" align="left" width="100%" |
==== Payback on Web Attackers: Web Honeypots ====
'''Simon Roses Femerling''' | Architecture | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Spin the bottle: Coupling technology and SE for one awesome hack ====
'''David Kennedy''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Incident Response: Security After Compromise ====
'''Richard Bejtlich''' | Case Studies | Presentation not available
|}

=== 11:00 am - 11:45 am ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== The Same-Origin Saga ====
'''Brendan Eich''' | Developer | [https://www.owasp.org/images/a/a2/The_Same-Origin_Saga.pdf The Same-Origin Saga - PDF]
|-
! scope="col" align="left" width="100%" |
==== Hack your way to a degree: a new direction in teaching application security at universities ====
'''Konstantinos Papapanagiotou''' | Developer | [https://www.owasp.org/images/9/9a/OWASP_Hackademic_AppSecUS2012_v1.pdf Hack your way to a degree - PDF]
|-
! scope="col" align="left" width="100%" |

==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====
'''Dan Cornell, Josh Sokol''' | Architecture | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====
'''Phil Purviance''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | Presentation not available
|}

=== 1:00 pm - 1:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Builders Vs. Breakers ====
'''Brett Hardin, Matt Konda, Jon Rose''' | Developer | [https://www.owasp.org/images/8/83/OWASP_AppSec_2012-Builders-vs-Breakers.pdf Builders-vs-Breakers - PDF]
|-
! scope="col" align="left" width="100%" |
==== Real World Cloud Application Security ====
'''Jason Chan''' | Cloud | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== NoSQL, no security? ====
'''Will Urbanski''' | Architecture | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== SQL Server Exploitation, Escalation, and Pilfering ====
'''Antti Rantasaari, Scott Sutherland''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Iran's real life cyberwar ====
'''Phillip Hallam-Baker''' | Case Studies | [https://www.owasp.org/images/5/59/Iran%E2%80%99s_Real_Life_Cyberwar.pdf Iran’s Real Life Cyberwar - PDF]
|}

=== 2:00 pm - 2:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Get off your AMF and don’t REST on JSON ====
'''Dan Kuykendall''' | Developer | [https://www.owasp.org/images/2/20/Get_off_your_AMF_and_dont_REST_on_JSON-AppSecUSA2012.pdf Get off your AMF and don’t REST on JSON - PDF]
|-
! scope="col" align="left" width="100%" |
==== Unraveling Some of the Mysteries around DOM-Based XSS ====
'''Dave Wichers''' | Developer | [https://www.owasp.org/images/c/c5/Unraveling_some_Mysteries_around_DOM-based_XSS.pdf Unraveling some Mysteries around DOM-based XSS - PDF]
|-
! scope="col" align="left" width="100%" |
==== Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs ====
'''Tobias Gondrom''' | Architecture | [https://www.owasp.org/images/f/fe/OWASP_defending-MITMA_US_2012.pdf Securing the SSL channel against man-in-the-middle attacks - PDF]
|-
! scope="col" align="left" width="100%" |
==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====
'''Shreeraj Shah''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== The Application Security Ponzi Scheme: Stop paying for security failure ====
'''Jarret Raim, Matt Tesauro''' | Case Studies | Presentation not available
|}

=== 3:00 pm - 3:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====
'''Bill Chu''' | Developer | [https://www.owasp.org/images/4/46/Interactive_Static_Analysis.pdfInteractive Static Analysis for Early Detection of Software Vulnerabilities - PDF]
|-
! scope="col" align="left" width="100%" |
==== Origin(al) Sins ====
'''Alex Russell''' | Developer | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== The 7 Qualities of Highly Secure Software ====
'''Mano 'dash4rk' Paul''' | Architecture | [https://www.owasp.org/index.php/File:7_Qualities_of_Highly_Secure_Software.pdf 7 Qualities of Highly Secure Software - PDF]
|-
! scope="col" align="left" width="100%" |
==== Web Framework Vulnerabilities ====
'''Abraham Kang''' | Attack | [https://www.owasp.org/images/d/db/WebFrameworkVulnerablilitiesAppSecUSA.pdf Web App Framework Based Vulnerabilies - PDF]
|-
! scope="col" align="left" width="100%" |
==== Web App Crypto - A Study in Failure ====
'''Travis H''' | Case Studies | [https://www.owasp.org/images/2/2f/Web_app_crypto_20121026.pdf Web App Cryptology A Study in Failure - PDF]
|}

=== 4:00 pm - 4:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Security at Scale ====
'''Yvan Boily''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Four Axes of Evil ====
'''HD Moore''' | Developer | [https://www.owasp.org/images/6/6f/Four_Axes_of_Evil.pdf Four Axes of Evil - PDF]
|-
! scope="col" align="left" width="100%" |
==== Pining For the Fjords: The Role of RBAC in Today's Applications ====
'''Wendy Nather''' | Architecture | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Counterintelligence Attack Theory ====
'''Fred Donovan''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Top Strategies to Capture Security Intelligence for Applications ====
'''John Dickson''' | Case Studies | [https://www.owasp.org/images/8/8c/Top_Strategies_to_Capture_Security_Intelligence_for_Applications_OWASP.pdf Top Strategies to Capture Security Intelligence for Applications - PDF]

|}

AppSecUSA 2012.com

2012-11-18T19:21:51Z

Nishi: /* 4:00 pm - 4:45 pm */

*AppSecUSA Presentations and Talks

== Thursday 25th Oct ==
=== 10:00 am - 10:45 am ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements ====

'''John Benninghoff''' | Developer | [https://www.owasp.org/images/7/7f/Building_Predictable_Systems.pdf Building Predictable Systems using Behavioral Security Modeling - PDF] 
|-
! scope="col" align="left" width="100%" |
==== Top Ten Web Defenses ====
'''Jim Manico''' | Mobile | [https://www.owasp.org/images/0/08/Top_10_Defenses_for_Website_Security.pdf Top 10 Defenses for Website Security - PDF] 
|-
! scope="col" align="left" width="100%" |
==== Mobile Applications & Proxy Shenanigans ====
'''Dan Amodio''' | Mobile | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ====
'''Alejandro Caceres''' | Reverse Engineering | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Gauntlt: Rugged by Example ====
'''Jeremiah Shirk''' | Rugged devops | Presentation not available 
|}

=== 11:00 am - 11:45 am ===

----

{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
'''Ryan Barnett''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ====
'''Sherif Koussa''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Cracking the Code of Mobile Application ====
'''Sreenarayan Ashokkumar''' | Mobile | [https://www.owasp.org/images/c/cd/Cracking_the_Mobile_Application_Code.pdf Cracking the Mobile Application Code - PDF]
|-
! scope="col" align="left" width="100%" |
==== Hacking .NET Application: Reverse Engineering 101 ====
'''Jon Mccoy''' | Reverse Engineering | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
'''Josh Corman''' | Rugged devops | [https://www.owasp.org/images/d/d5/Doing_the_Unstuck.pdf Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF]
|}

=== 2:00 pm - 2:45 pm ===

----

{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Hacking with WebSockets ====
'''Vaagn Toukharian''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Bug Bounty Programs ====
'''Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice''' | Developer | Presentation Not available
|-
! scope="col" align="left" width="100%" |
==== How we tear into that little green man ====
'''Mathew Rowley''' | Mobile | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ====
'''Jerry Hoff''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Put your robots to work: security automation at Twitter ====
'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | Presentation Not available 
|}

=== 3:00 pm - 3:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
'''Michele Orru''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ====
'''Shay Chen''' | Developer | [https://www.owasp.org/images/f/f5/The_Diviner_-_Digital_Clairvoyance_Breakthrough_-_Gaining_Access_to_the_Source_Code_%26_Server_Side_Memory_Structure_of_ANY_Application.pdf Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF]
|-
! scope="col" align="left" width="100%" |

==== Demystifying Security in the Cloud: AWS Scout ====
'''Jonathan Chittenden''' | Cloud | [https://www.owasp.org/images/0/0f/Demystifying_Security_in_the_Cloud.pdf Demystifying Security in the Cloud - PDF]
|-
! scope="col" align="left" width="100%" |
==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ====
'''Ofer Maor''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Rebooting (secure) software development with continuous deployment ====
'''Nick Galbreath''' | Rugged devops | Presentation not available
|}

=== 4:00 pm - 4:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Cross Site Port Scanning ====
'''Riyaz Walikar''' | Attack | [https://www.owasp.org/images/8/89/Poking_Servers_with_Facebook-Cross_Site_Port_Scanning.pdf Cross Site Port Scanning - PDF]
|-
! scope="col" align="left" width="100%" |
==== Analyzing and Fixing Password Protection Schemes ====
'''John Steven''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ====
'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== WTF - WAF Testing Framework ====
'''Yaniv Azaria, Amichai Shulman''' | Architecture | [https://www.owasp.org/images/0/00/OWASP-2012-WTF.pdf WAF Testing Framework - PDF]
|-
! scope="col" align="left" width="100%" |
==== DevOps Distilled: The DevOps Panel at AppSec USA ====
'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | [https://www.owasp.org/images/9/90/Corman_AppSecUSA_2012_DevOpsPanel.pdf DevOps Distilled - PDF]
|}

== Friday 26th Oct ==
=== 10:00 am - 10:45 am ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Effective approaches to web application security ====
'''Zane Lackey''' | Developer | [https://www.owasp.org/images/b/b4/Effective_approaches_to_web_application_security.pdf Effective approaches to web application security - PDF]
|-
! scope="col" align="left" width="100%" |
==== Why Web Security Is Fundamentally Broken ====
'''Jeremiah Grossman''' | Developer | [https://www.owasp.org/images/9/90/Web_Security_Fundamentally_Broken.pdf Why Web Security Is Fundamentally Broken - PDF]
|-
! scope="col" align="left" width="100%" |
==== Payback on Web Attackers: Web Honeypots ====
'''Simon Roses Femerling''' | Architecture | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Spin the bottle: Coupling technology and SE for one awesome hack ====
'''David Kennedy''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Incident Response: Security After Compromise ====
'''Richard Bejtlich''' | Case Studies | Presentation not available
|}

=== 11:00 am - 11:45 am ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== The Same-Origin Saga ====
'''Brendan Eich''' | Developer | [https://www.owasp.org/images/a/a2/The_Same-Origin_Saga.pdf The Same-Origin Saga - PDF]
|-
! scope="col" align="left" width="100%" |
==== Hack your way to a degree: a new direction in teaching application security at universities ====
'''Konstantinos Papapanagiotou''' | Developer | [https://www.owasp.org/images/9/9a/OWASP_Hackademic_AppSecUS2012_v1.pdf Hack your way to a degree - PDF]
|-
! scope="col" align="left" width="100%" |

==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====
'''Dan Cornell, Josh Sokol''' | Architecture | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====
'''Phil Purviance''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | Presentation not available
|}

=== 1:00 pm - 1:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Builders Vs. Breakers ====
'''Brett Hardin, Matt Konda, Jon Rose''' | Developer | [https://www.owasp.org/images/8/83/OWASP_AppSec_2012-Builders-vs-Breakers.pdf Builders-vs-Breakers - PDF]
|-
! scope="col" align="left" width="100%" |
==== Real World Cloud Application Security ====
'''Jason Chan''' | Cloud | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== NoSQL, no security? ====
'''Will Urbanski''' | Architecture | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== SQL Server Exploitation, Escalation, and Pilfering ====
'''Antti Rantasaari, Scott Sutherland''' | Attack | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Iran's real life cyberwar ====
'''Phillip Hallam-Baker''' | Case Studies | [https://www.owasp.org/images/5/59/Iran%E2%80%99s_Real_Life_Cyberwar.pdf Iran’s Real Life Cyberwar - PDF]
|}

=== 2:00 pm - 2:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Get off your AMF and don’t REST on JSON ====
'''Dan Kuykendall''' | Developer | [https://www.owasp.org/images/2/20/Get_off_your_AMF_and_dont_REST_on_JSON-AppSecUSA2012.pdf Get off your AMF and don’t REST on JSON - PDF]
|-
! scope="col" align="left" width="100%" |
==== Unraveling Some of the Mysteries around DOM-Based XSS ====
'''Dave Wichers''' | Developer | [https://www.owasp.org/images/c/c5/Unraveling_some_Mysteries_around_DOM-based_XSS.pdf Unraveling some Mysteries around DOM-based XSS - PDF]
|-
! scope="col" align="left" width="100%" |
==== Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs ====
'''Tobias Gondrom''' | Architecture | [https://www.owasp.org/images/f/fe/OWASP_defending-MITMA_US_2012.pdf Securing the SSL channel against man-in-the-middle attacks - PDF]
|-
! scope="col" align="left" width="100%" |
==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====
'''Shreeraj Shah''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== The Application Security Ponzi Scheme: Stop paying for security failure ====
'''Jarret Raim, Matt Tesauro''' | Case Studies | Presentation not available
|}

=== 3:00 pm - 3:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====
'''Bill Chu''' | Developer | [https://www.owasp.org/images/4/46/Interactive_Static_Analysis.pdfInteractive Static Analysis for Early Detection of Software Vulnerabilities - PDF]
|-
! scope="col" align="left" width="100%" |
==== Origin(al) Sins ====
'''Alex Russell''' | Developer | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== The 7 Qualities of Highly Secure Software ====
'''Mano 'dash4rk' Paul''' | Architecture | [https://www.owasp.org/index.php/File:7_Qualities_of_Highly_Secure_Software.pdf 7 Qualities of Highly Secure Software - PDF]
|-
! scope="col" align="left" width="100%" |
==== Web Framework Vulnerabilities ====
'''Abraham Kang''' | Attack | [https://www.owasp.org/images/d/db/WebFrameworkVulnerablilitiesAppSecUSA.pdf Web App Framework Based Vulnerabilies - PDF]
|-
! scope="col" align="left" width="100%" |
==== Web App Crypto - A Study in Failure ====
'''Travis H''' | Case Studies | [https://www.owasp.org/images/2/2f/Web_app_crypto_20121026.pdf Web App Cryptology A Study in Failure - PDF]
|}

=== 4:00 pm - 4:45 pm ===

----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" width="100%" |
==== Security at Scale ====
'''Yvan Boily''' | Developer | Presentation not available
|-
! scope="col" align="left" width="100%" |
==== Four Axes of Evil ====
'''HD Moore''' | Developer | [https://www.owasp.org/images/6/6f/Four_Axes_of_Evil.pdf Four Axes of Evil - PDF]
|-
! scope="col" align="left" width="100%" |
==== Pining For the Fjords: The Role of RBAC in Today's Applications ====
'''Wendy Nather''' | Architecture | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Counterintelligence Attack Theory ====
'''Fred Donovan''' | Attack | Presentation not available 
|-
! scope="col" align="left" width="100%" |
==== Top Strategies to Capture Security Intelligence for Applications ====
'''John Dickson''' | Case Studies | [https://www.owasp.org/images/8/8c/Top_Strategies_to_Capture_Security_Intelligence_for_Applications_OWASP.pdf Top Strategies to Capture Security Intelligence for Applications - PDF]

|}

2012-11-18T15:58:36Z

Nishi: /* Top Strategies to Capture Security Intelligence for Applications */

*AppSecUSA Presentations and Talks

== Thursday 25th Oct ==
=== 10:00 am - 10:45 am ===

----

==== Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements ====
*'''John Benninghoff''' | Developer | [https://www.owasp.org/images/7/7f/Building_Predictable_Systems.pdf Building Predictable Systems using Behavioral Security Modeling - PDF]

==== Top Ten Web Defenses ====
*'''Jim Manico''' | Mobile | [https://www.owasp.org/images/0/08/Top_10_Defenses_for_Website_Security.pdf Top 10 Defenses for Website Security - PDF]

==== Mobile Applications & Proxy Shenanigans ====
*'''Dan Amodio''' | Mobile | PDF

==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ====
*'''Alejandro Caceres''' | Reverse Engineering | PDF

==== Gauntlt: Rugged by Example ====
*'''Jeremiah Shirk''' | Rugged devops | PDF

=== 11:00 am - 11:45 am ===

----

==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
*'''Ryan Barnett''' | Attack | PDF

==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ====
*'''Sherif Koussa''' | Developer | PDF

==== Cracking the Code of Mobile Application ====
*'''Sreenarayan Ashokkumar''' | Mobile | [https://www.owasp.org/images/c/cd/Cracking_the_Mobile_Application_Code.pdf Cracking the Mobile Application Code - PDF]

==== Hacking .NET Application: Reverse Engineering 101 ====
*'''Jon Mccoy''' | Reverse Engineering | PDF

==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
*'''Josh Corman''' | Rugged devops | [https://www.owasp.org/images/d/d5/Doing_the_Unstuck.pdf Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF]

=== 2:00 pm - 2:45 pm ===

----

==== Hacking with WebSockets ====
*'''Vaagn Toukharian''' | Attack | PDF

==== Bug Bounty Programs ====
*'''Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice''' | Developer | PDF

==== How we tear into that little green man ====
*'''Mathew Rowley''' | Mobile | PDF

==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ====
*'''Jerry Hoff''' | Developer | PDF

==== Put your robots to work: security automation at Twitter ====
*'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | PDF

=== 3:00 pm - 3:45 pm ===

----

==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
*'''Michele Orru''' | Attack | PDF

==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ====
*'''Shay Chen''' | Developer | [https://www.owasp.org/images/f/f5/The_Diviner_-_Digital_Clairvoyance_Breakthrough_-_Gaining_Access_to_the_Source_Code_%26_Server_Side_Memory_Structure_of_ANY_Application.pdf The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) - PDF]

==== Demystifying Security in the Cloud: AWS Scout ====
*'''Jonathan Chittenden''' | Cloud | [https://www.owasp.org/images/0/0f/Demystifying_Security_in_the_Cloud.pdf Demystifying Security in the Cloud - PDF]

==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ====
*'''Ofer Maor''' | Developer | PDF

==== Rebooting (secure) software development with continuous deployment ====
*'''Nick Galbreath''' | Rugged devops | PDF

=== 4:00 pm - 4:45 pm ===

----

==== Cross Site Port Scanning ====
*'''Riyaz Walikar''' | Attack | [https://www.owasp.org/images/8/89/Poking_Servers_with_Facebook-Cross_Site_Port_Scanning.pdf Cross Site Port Scanning - PDF]

==== Analyzing and Fixing Password Protection Schemes ====
*'''John Steven''' | Developer | PDF

==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ====
*'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | PDF

==== WTF - WAF Testing Framework ====
*'''Yaniv Azaria, Amichai Shulman''' | Architecture | [https://www.owasp.org/images/0/00/OWASP-2012-WTF.pdf WAF Testing Framework - PDF]

==== DevOps Distilled: The DevOps Panel at AppSec USA ====
*'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | [https://www.owasp.org/images/9/90/Corman_AppSecUSA_2012_DevOpsPanel.pdf DevOps Distilled - PDF]

== Friday 26th Oct ==
=== 10:00 am - 10:45 am ===

----

==== Effective approaches to web application security ====
*'''Zane Lackey''' | Developer | [https://www.owasp.org/images/b/b4/Effective_approaches_to_web_application_security.pdf Effective approaches to web application security - PDF]

==== Why Web Security Is Fundamentally Broken ====
*'''Jeremiah Grossman''' | Developer | [https://www.owasp.org/images/9/90/Web_Security_Fundamentally_Broken.pdf Why Web Security Is Fundamentally Broken - PDF]

==== Payback on Web Attackers: Web Honeypots ====
*'''Simon Roses Femerling''' | Architecture | PDF

==== Spin the bottle: Coupling technology and SE for one awesome hack ====
*'''David Kennedy''' | Attack | PDF

==== Incident Response: Security After Compromise ====
*'''Richard Bejtlich''' | Case Studies | PDF

=== 11:00 am - 11:45 am ===

----

==== The Same-Origin Saga ====
*'''Brendan Eich''' | Developer | [https://www.owasp.org/images/a/a2/The_Same-Origin_Saga.pdf The Same-Origin Saga - PDF]

==== Hack your way to a degree: a new direction in teaching application security at universities ====
*'''Konstantinos Papapanagiotou''' | Developer | [https://www.owasp.org/images/9/9a/OWASP_Hackademic_AppSecUS2012_v1.pdf Hack your way to a degree: a new direction in teaching application security at universities - PDF]

==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====
*'''Dan Cornell, Josh Sokol''' | Architecture | PDF

==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====
*'''Phil Purviance''' | Attack | PDF

==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
*'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | PDF

=== 1:00 pm - 1:45 pm ===

----

==== Builders Vs. Breakers ====
*'''Brett Hardin, Matt Konda, Jon Rose''' | Developer | [https://www.owasp.org/images/8/83/OWASP_AppSec_2012-Builders-vs-Breakers.pdf Builders-vs-Breakers - PDF]

==== Real World Cloud Application Security ====
*'''Jason Chan''' | Cloud | PDF

==== NoSQL, no security? ====
*'''Will Urbanski''' | Architecture | PDF

==== SQL Server Exploitation, Escalation, and Pilfering ====
*'''Antti Rantasaari, Scott Sutherland''' | Attack | PDF

==== Iran's real life cyberwar ====
*'''Phillip Hallam-Baker''' | Case Studies | [https://www.owasp.org/images/5/59/Iran%E2%80%99s_Real_Life_Cyberwar.pdf Iran’s Real Life Cyberwar - PDF]

=== 2:00 pm - 2:45 pm ===

----

==== Get off your AMF and don’t REST on JSON ====
*'''Dan Kuykendall''' | Developer | [https://www.owasp.org/images/2/20/Get_off_your_AMF_and_dont_REST_on_JSON-AppSecUSA2012.pdf Get off your AMF and don’t REST on JSON - PDF]

==== Unraveling Some of the Mysteries around DOM-Based XSS ====
*'''Dave Wichers''' | Developer | PDF

==== Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs ====
*'''Tobias Gondrom''' | Architecture | [https://www.owasp.org/images/f/fe/OWASP_defending-MITMA_US_2012.pdf Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs - PDF]

==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====
*'''Shreeraj Shah''' | Attack | PDF

==== The Application Security Ponzi Scheme: Stop paying for security failure ====
*'''Jarret Raim, Matt Tesauro''' | Case Studies | PDF

=== 3:00 pm - 3:45 pm ===

----

==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====
*'''Bill Chu''' | Developer | [https://www.owasp.org/images/4/46/Interactive_Static_Analysis.pdfInteractive Static Analysis for Early Detection of Software Vulnerabilities - PDF]

==== Origin(al) Sins ====
*'''Alex Russell''' | Developer | PDF

==== The 7 Qualities of Highly Secure Software ====
*'''Mano 'dash4rk' Paul''' | Architecture | [https://www.owasp.org/index.php/File:7_Qualities_of_Highly_Secure_Software.pdf 7 Qualities of Highly Secure Software - PDF]

==== Web Framework Vulnerabilities ====
*'''Abraham Kang''' | Attack | PDF

==== Web App Crypto - A Study in Failure ====
*'''Travis H''' | Case Studies | PDF

=== 4:00 pm - 4:45 pm ===

----

==== Security at Scale ====
*'''Yvan Boily''' | Developer | PDF

==== Four Axes of Evil ====
*'''HD Moore''' | Developer | [https://www.owasp.org/images/6/6f/Four_Axes_of_Evil.pdf Four Axes of Evil - PDF]

==== Pining For the Fjords: The Role of RBAC in Today's Applications ====
*'''Wendy Nather''' | Architecture | PDF

==== Counterintelligence Attack Theory ====
*'''Fred Donovan''' | Attack | PDF

==== Top Strategies to Capture Security Intelligence for Applications ====
*'''John Dickson''' | Case Studies | [https://www.owasp.org/images/8/8c/Top_Strategies_to_Capture_Security_Intelligence_for_Applications_OWASP.pdf Top Strategies to Capture Security Intelligence for Applications - PDF]