This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP AppSec DC 2012/Schedule/4-5-2012

Jump to: navigation, search
Plenary Day 2 - 4/5/2012
Critical Infrastructure
Room 201
Room 202A
On the Go
Room 202B
Room 206
7:30 AM - 9:00 AM Registration
9:00 AM - 9:50 AM Pentesting Smart Grid Web Apps
video | slides

Justin Searle
Friends don't let friends store passwords in source code
video | slides

Neil Matatall
Smart Bombs: Mobile Vulnerability and Exploitation
video | slides

Kevin Johnson, John Sawyer and Tom Eston
Overcoming the Quality vs. Quantity Problem in Software Security Testing
video | slides

Rafal Los
Web Application Defense with Bayesian Attack Analysis
video | slides

Ryan Barnett
9:50 AM - 10:00 AM Coffee Break
10:00 AM - 10:50 AM Vulnerabilities in Industrial Control Systems
video | slides

Kevin Hemsly
Access Control Designs and Pitfalls
video | slides

Jim Manico
Software Security Goes Mobile
video | slides

Jacob West
Baking In Security, Sweet, Secure, Cupcakes
video | slides

Ken Johnson and Matt Ahrens
10:50 AM - 11:00 AM Coffee Break
11:00 AM - 11:50 AM AMI Security
video | slides

John Sawyer and Don Weber
SharePoint Security 101
video | slides

Rob Rachwald, Amichai Shulman and Noa Bar-Yosef
Behind Enemy Lines - Practical& Triage Approaches to Mobile Security Abroad - 2012 Edition
video | slides

Justin Morehouse
Understanding IAST - More Context, Better Analysis
video | slides

Jeff Williams
11:50 AM - 1:30 PM No-Host Lunch
1:30 PM - 2:20 PM Project Basecamp: News from Camp 4
video | slides

Reid Wightman
Enterprise Security API (ESAPI) for C Plus Plus
video | slides

Dan Amodio
Whack-a-Mobile II: Mobile App Pen Testing with the MobiSec Live Environment
video | slides

Kevin Johnson and Tony Delagrange
Proactive risk mitigation within the Software Development Lifecycle (SDLC)
video | slides

Joe White
2:20 PM - 2:30 PM Coffee Break
2:30 PM - 3:20 PM Real world backdoors on industrial devices
video | slides

Ruben Santamarta
Dynamic DAST/WAF Integration
video | slides

Ryan Barnett
An In-Depth Introduction to the Android Permissions Model, and How to Secure Multi-Component Applications
video | slides

Jeff Six
Teaching an Old Dog New Tricks: Securing Development with PMD
video | slides

Joe Hemler
3:20 PM - 3:30 PM Coffee Break
3:30 PM - 4:20 PM Denial of Surface.
video | slides

Eireann Leverett
Cloud-based dWAF: A Real World Deployment Case Study
video | slides

Alexander Meisel
Android in the Healthcare Workplace: A Case Study
video | slides

Thomas Richards
What can an Acquirer do to prevent developers from make dangerous software errors?
No video avail | slides

Michele Moss and Don Davidson
4:20 PM - 4:30 PM Coffee Break
4:30 PM - 5:20 PM Securing Critical Infrastructure
video | slides

Francis Cianfrocca and Bob Lam
Using PHPIDS to Understand Attacks Trends
video | slides

Salvador Grec
Mobile Application Security - Who, how and why
video | slides

Mike Park and Charles Henderson
Private information Protection in Cloud Computing _ Laws, Compliance and Cloud Security Misconceptions
video | slides

Mikhail Utin and Daniil Utin
5:20 PM Closing Remarks
Room 202A