This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP AppSec DC 2012/Project Basecamp News from Camp 4

Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center |

The Presentation

For over a decade the control systems security community has been quietly saying that controllers are fragile devices that should not be scanned or fuzzed. The community debated for years about proper disclosure methods, yet the control systems themselves have seen little improvement. Project Basecamp rocked the community by releasing detailed vulnerability reports about the systems used in critical infrastructure, as well as tools needed to exploit those vulnerabilities.
Like the climbers in Yosemite, the Project Basecamp team is not going away. In Camp 4, Reid covers new industrial controller vulnerabilities, exploits, and vendor responses to the disclosures.

The Speakers

Reid Wightman

Reid Wightman has worked offensive and defensive security for the Department of Defense and the private sector. He cut his teeth in the ICS space working for Schweitzer Engineering Laboratories, where he demonstrated reverse engineering techniques against industrial controllers to drive production of more secure products. Since joining Digital Bond, Reid has been actively reverse engineering industrial control systems to find their design flaws, backdoors, and other security limitations

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link= Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg