This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AppSecEU2013

From OWASP

Jump to: navigation, search

1 Presentations
- 1.1 Videos
- 1.2 Slides
  - 1.2.1 Thursday, August 22nd
  - 1.2.2 Friday August, 23rd
2 Welcome
- 2.1 Facts in a nutshell
3 Sponsorship
- 3.1 Thanks to our following sponsors
4 Call for {Presentations,Papers,Trainings}
5 Ticket Challenge
6 Teams
- 6.1 Conference Orga

For a more detailed description of everything see our main AppSec Research 2013 Web Site.

Presentations

Videos

Videos from the talks are available for Großer Saal and Aussichtsreich + Freiraum. There are also Mirror1 and Mirror2.

Thx to Christiaan008 the conference videos were uploaded (unofficially but appreciated) to youtube.

Slides

Quick links to the presentations. All slides are under CC-BY-SA license.

Thursday, August 22nd

Welcome Note: Dirk Wetter
Keynote Angela Sasse -- Busting The Myth of Dancing Pigs: Angela's Top 10 list of reasons why users bypass security measures
OWASP Introduction+Update: Michael Coates, Sarah Baso: OWASP: Where we are... Where we are going
A Qualitative Comparison of SSL Validation Alternatives: Henning Perl, Michael Brenner
Recipes for enabling HTTPS: Thomas Herlea, Neils Boucke, Johann Peeters
A Perfect CRIME? TIME Will Tell: Tal Be'ery
Hunting Down Broken SSL in Android Apps: Marian Harbach, Matthew Smith
HTTP(S) - Based Clustering for Assisted Cybercrime Investigations: Marco Balduzzi
Improving the Security of Session Management in Web Applications: Philippe DeRyck
A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks: Bastian Braun
Experience made in Technical Due Diligence: Amir Alsbih
OWASP - CISO Guide and CISO report 2013 for managers: Tobias Gondrom
Real World Agile SDLC: Chris Eng, Ryan O'Boyle
OWASP Top 10 Proactive Controls: Jim Manico (external link: presentation done by Jason Johnson at http://prezi.com/_oug648-i4yr/owasp-top-ten-defenses )
CSP - the panacea for XSS or placebo: Taras Ivashchenko
Security Testing Guidelines for mobile Apps: Florian_Stahl, Johannes Stroeher

Keynote HackPra Allstars -- [[Media:]]: Jörg Schwenk
HackPra Allstars -- Rooting Your Internals: Michele Orrù
HackPra Allstars -- Burp Pro Tips and Tricks: Nicolas Grégoire
HackPra Allstars -- Augmented Reality in your web proxy: Roberto Suggi Liverani
HackPra Allstars -- Browser Timing Attacks (Paper) and the talk (updated slides): Paul Stone

OSS OWTF Summer StormShort (newer): Abraham Aranguren

Friday August, 23rd

Keynote Thomas Roessler -- Secure all the things: fiction from the Web’s immediate future
Web Fingerprinting: How, who and why?: Nick Nikiforakis
Making the Future Secure with Java: Milton Smith
OWASP Top-10 2013: Dave Wichers
WASC/OWASP WAFEC: Achim Hoffmann, Ofer Shezaf
An Alternate Approach for SQLi Detection: Reto Ischi
OWASP AppSensor - In Theory, In Practice and In Print: Colin Watson
Introducing ASVS 2013: Sahba Kazerooni, Daniel Cuthbert
Insane in the IFRAME: David Ross
JS Libraries Insecurity: Stefano DiPaola
Clickjacking Protection Under Non-trivial Circumstances: Sebastian Lekies, Martin Johns
Origin Policy Enforcement in Modern Browsers: Frederik Braun
I am in your browser, pwning your stuff: Krzysztof Kotowicz
Sandboxing Javascript: Lieven Desmet, Nick Nikiforakis
RaspberryPi for the Infrastructure and hacker: Fred Donavan
Minion - Making Security Accessible for Developers: Yvan Boily (download tar and open index.html in your browser; all sources are here)
ZAP Innovations: Simon Benetts
Do_You_Have a Scanner or Scanning Program: Dan Cornell
OWTF Summer StormShort: Abraham Aranguren
OWASP Hackademic Challenges: Konstantinos Papapanagiotou
SPaCIoS: Luca Viganò, Luca Compagna
Closing Note Dieter Gollmann: Access Control of the Web – The Web of Access Control
Closing Ceremony: Dirk Wetter

Welcome

The German OWASP Chapter is hosting the global OWASP AppSec Research 2013 conference in Hamburg, Germany from August 20-23. Hamburg is the second biggest city in Germany, located in the north. To quote New York Times: No one tells you how pretty Hamburg is. We do.

The AppSec Research conference will be a premier gathering of Information Security leaders, also it has a research part.

Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.

The conference will be held from August 20-23, 2013 at the Emporio Hamburg. It's centrally located in the heart of the city with a splendid view over Binnen-, Aussenalster and River Elbe.

Facts in a nutshell

Date: Trainings: August 20-21, 2013; Conference: August 22-23, 2013
Location: Emporio Hamburg
Program: Complete Program; Trainings; Open Source (Security) Showcase; HackPra Allstars Track
Events: Dinner ...
Sponsors: Sponsorship Description, find out more here.
Call for ...: Closed: ~~May 15, was extended: May 22: Papers~~ (Research).; Closed: ~~Presentations~~ (Industry). Talk teasers are here, Program comming soon.; Closed: ~~Call for Trainings~~. Program is published; Closed: ~~OWASP Open Source (Security) Showcase (OSS)~~
Registration: Is open, please see http://2013.appsec.eu/registration/ .
Mailinglist: please subscribe to: https://lists.owasp.org/mailman/listinfo/appseceu2013

Partners + Supporters: External Web Site

Sponsorship

AppSec Research is seeking for sponsors. We have several possibilities how you can promote your company, seek for employees and on the other side support the conference. Please find the description, pricing and possible items in a PDF here.