This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AppSecEU2013"
From OWASP
(→Thursday 22. August) |
Dirk Wetter (talk | contribs) (Fehler gefixt) |
||
| Line 21: | Line 21: | ||
==== Thursday 22. August ==== | ==== Thursday 22. August ==== | ||
* [[Media:Welcome_Note_-_Dirk_Wetter.pdf|Welcome Note]]; Dirk Wetter | * [[Media:Welcome_Note_-_Dirk_Wetter.pdf|Welcome Note]]; Dirk Wetter | ||
| − | * [[Media:--coming soon--|Busting The Myth of Dancing Pigs: Angela's Top 10 list of reasons why users bypass security measures]] | + | * Keynote: [[Media:--coming soon--|Busting The Myth of Dancing Pigs: Angela's Top 10 list of reasons why users bypass security measures]] |
| − | * [[Media:OWASP_Where_we_are.._Where_we_are_going.pdf|OWASP Where we are.. Where we are going]] | + | * [[Media:OWASP_Where_we_are.._Where_we_are_going.pdf|OWASP: Where we are... Where we are going]] |
* [[Media:A Qualitative Comparison of SSL Validation Alternatives - Henning Perl+Michael Brenner+Mathew Smith.pdf|A Qualitative Comparison of SSL Validation Alternatives]]; Henning Perl, Michael Brenner | * [[Media:A Qualitative Comparison of SSL Validation Alternatives - Henning Perl+Michael Brenner+Mathew Smith.pdf|A Qualitative Comparison of SSL Validation Alternatives]]; Henning Perl, Michael Brenner | ||
* [[Media:Recipes_for_enabling_HTTPS_-_Thomas_Herlea+Neils_Boucke+Johann_Peeters.pdf|Recipes for enabling HTTPS]]; Thomas Herlea, Neils Boucke, Johann Peeters | * [[Media:Recipes_for_enabling_HTTPS_-_Thomas_Herlea+Neils_Boucke+Johann_Peeters.pdf|Recipes for enabling HTTPS]]; Thomas Herlea, Neils Boucke, Johann Peeters | ||
| Line 30: | Line 30: | ||
* [[Media:Improving_the_Security_of_Session_Management_in_Web_Applications_-_Philippe_De_Ryck.pdf|Improving the Security of Session Management in Web Applications]]; Philippe DeRyck | * [[Media:Improving_the_Security_of_Session_Management_in_Web_Applications_-_Philippe_De_Ryck.pdf|Improving the Security of Session Management in Web Applications]]; Philippe DeRyck | ||
* [[Media:A_Doorman_for_Your_Home--Control-Flow_Integrity_Means_in_Web_Frameworks_-_Bastian_Brown.pdf|A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks]]; Bastian Braun | * [[Media:A_Doorman_for_Your_Home--Control-Flow_Integrity_Means_in_Web_Frameworks_-_Bastian_Brown.pdf|A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks]]; Bastian Braun | ||
| − | + | * [[Media:Technical_Due_Diligence_-_Amir_Alsbih.pdf|Experience made in Technical Due Diligence]]; Amir Alsbih | |
| − | * [[Media:Technical_Due_Diligence_-_Amir_Alsbih.pdf| | ||
* [[Media:OWASP-CISO_Guide_and_CISO_report_2013_for_managers_-_Tobias_Gondrom.pdf|OWASP - CISO Guide and CISO report 2013 for managers]]; Tobias Gondrom | * [[Media:OWASP-CISO_Guide_and_CISO_report_2013_for_managers_-_Tobias_Gondrom.pdf|OWASP - CISO Guide and CISO report 2013 for managers]]; Tobias Gondrom | ||
* [[Media:Real World Agile SDLC - Chris Eng+Ryan OBoyle.pdf|Real World Agile SDLC]]; Chris Eng, Ryan O'Boyle | * [[Media:Real World Agile SDLC - Chris Eng+Ryan OBoyle.pdf|Real World Agile SDLC]]; Chris Eng, Ryan O'Boyle | ||
* OWASP Top 10 Proactive Controls; Jim Manico (external link: presentation done by Jason Johnson at http://prezi.com/_oug648-i4yr/owasp-top-ten-defenses ) | * OWASP Top 10 Proactive Controls; Jim Manico (external link: presentation done by Jason Johnson at http://prezi.com/_oug648-i4yr/owasp-top-ten-defenses ) | ||
* [[Media:CSP--the_panacea_for_XSS_or_placebo_-_Taras_Ivashchenko.pdf|CSP - the panacea for XSS or placebo]]; Taras Ivashchenko | * [[Media:CSP--the_panacea_for_XSS_or_placebo_-_Taras_Ivashchenko.pdf|CSP - the panacea for XSS or placebo]]; Taras Ivashchenko | ||
| − | * [[Media:Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl+Johannes_Stroeher.pdf| | + | * [[Media:Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl+Johannes_Stroeher.pdf|Security Testing Guidelines for mobile Apps]]; Florian_Stahl, Johannes Stroeher |
| − | |||
| − | |||
| + | * Keynote: HackPra Allstars [[Media:--comming soon--]]; Jörg Schwenk | ||
* HackPra Allstars [[Media:HackPraAllstars_Rooting_Your_Internals_-_Michele_Orru.pdf|Rooting Your Internals]]; Michele Orru | * HackPra Allstars [[Media:HackPraAllstars_Rooting_Your_Internals_-_Michele_Orru.pdf|Rooting Your Internals]]; Michele Orru | ||
| − | |||
| − | |||
* HackPra Allstars [[Media:--comming soon--]]; Paul Stone | * HackPra Allstars [[Media:--comming soon--]]; Paul Stone | ||
| − | |||
* HackPra Allstars [[Media:HackPra_Allstars-Burp_Pro_Tips_and_Tricks_-_Nicolas_Grégoire.pdf|Burp Pro Tips and Tricks]]; Nicolas Grégoire | * HackPra Allstars [[Media:HackPra_Allstars-Burp_Pro_Tips_and_Tricks_-_Nicolas_Grégoire.pdf|Burp Pro Tips and Tricks]]; Nicolas Grégoire | ||
* HackPra Allstars [[Media:HackPra_Allstars-Augmented_Reality_in_your_web_proxy_-_Roberto_Suggi_Liverani.pdf|Augmented Reality in your web proxy]]; Roberto Suggi Liverani | * HackPra Allstars [[Media:HackPra_Allstars-Augmented_Reality_in_your_web_proxy_-_Roberto_Suggi_Liverani.pdf|Augmented Reality in your web proxy]]; Roberto Suggi Liverani | ||
| Line 64: | Line 59: | ||
==== Friday 23. August ==== | ==== Friday 23. August ==== | ||
| + | * [[Media:HTML5--ALL_THE_THINGS_-_Thomas_Roessler.pdf|HTML5 - ALL THE THINGS]]; Thomas Roessler | ||
<!-- * [[Media:--comming soon--]]; Nick Nikiforakis --> | <!-- * [[Media:--comming soon--]]; Nick Nikiforakis --> | ||
* [[Media:Making_the_Future_Secure_with_Java_-_Milton_Smith.pdf|Making the Future Secure with Java]]; Milton Smith | * [[Media:Making_the_Future_Secure_with_Java_-_Milton_Smith.pdf|Making the Future Secure with Java]]; Milton Smith | ||
| Line 71: | Line 67: | ||
* [[Media:OWASP_AppSensor--In_Theory,_In_Practice_and_In_Print_-_Colin_Watson.pdf|OWASP AppSensor - In Theory, In Practice and In Print]]; Colin Watson | * [[Media:OWASP_AppSensor--In_Theory,_In_Practice_and_In_Print_-_Colin_Watson.pdf|OWASP AppSensor - In Theory, In Practice and In Print]]; Colin Watson | ||
* [[Media:Introducing_ASVS_2013_-_Sahba_Kazerooni+Daniel_Cuthbert.pdf|Introducing ASVS 2013]]; Sahba Kazerooni, Daniel Cuthbert | * [[Media:Introducing_ASVS_2013_-_Sahba_Kazerooni+Daniel_Cuthbert.pdf|Introducing ASVS 2013]]; Sahba Kazerooni, Daniel Cuthbert | ||
| − | |||
* [[Media:--comming soon--]]; Erlend Oftedal | * [[Media:--comming soon--]]; Erlend Oftedal | ||
* [[Media:Insane_in_the_IFRAME_-_David_Ross.pdf|Insane in the IFRAME]]; David Ross | * [[Media:Insane_in_the_IFRAME_-_David_Ross.pdf|Insane in the IFRAME]]; David Ross | ||
| Line 79: | Line 74: | ||
* [[Media:I_am_in_your_browser,_pwning_your_stuff_-_Krzysztof_Kotowicz.pdf|I am in your browser, pwning your stuff]]; Krzysztof Kotowicz | * [[Media:I_am_in_your_browser,_pwning_your_stuff_-_Krzysztof_Kotowicz.pdf|I am in your browser, pwning your stuff]]; Krzysztof Kotowicz | ||
* [[Media:Sandboxing-Javascript_-_Lieven_Desmet+Nick_Nikiforakis.pdf|Sandboxing Javascript]]; Lieven Desmet, Nick Nikiforakis | * [[Media:Sandboxing-Javascript_-_Lieven_Desmet+Nick_Nikiforakis.pdf|Sandboxing Javascript]]; Lieven Desmet, Nick Nikiforakis | ||
| − | + | * [[Media:RaspberryPi_for_the_Infrasturcture_and_hacker_-_Fred_Donavan.pdf|RaspberryPi for the Infrastructure and hacker]]; Fred Donavan | |
| − | * [[Media:RaspberryPi_for_the_Infrasturcture_and_hacker_-_Fred_Donavan.pdf|RaspberryPi for the | ||
* [[Media:Minion--Making Security Accessible for Developers - Yvan Boily.tar|Minion - Making Security Accessible for Developers]]; Yvan Boily (download tar and open index.html in your browser; all sources are [https://github.com/ygjb/appsec-eu-2013 here]) | * [[Media:Minion--Making Security Accessible for Developers - Yvan Boily.tar|Minion - Making Security Accessible for Developers]]; Yvan Boily (download tar and open index.html in your browser; all sources are [https://github.com/ygjb/appsec-eu-2013 here]) | ||
* [[Media:ZAP_Innovations_-_Simon_Benetts.pdf|ZAP Innovations]]; Simon Benetts | * [[Media:ZAP_Innovations_-_Simon_Benetts.pdf|ZAP Innovations]]; Simon Benetts | ||
* [[Media:Do_You_Have_a_Scanner_or_Scanning_Program_-_Dan_Cornell.pdf|Do_You_Have a Scanner or Scanning Program]]; Dan Cornell | * [[Media:Do_You_Have_a_Scanner_or_Scanning_Program_-_Dan_Cornell.pdf|Do_You_Have a Scanner or Scanning Program]]; Dan Cornell | ||
* [[Media:OWTF--Summer_StormShort_-_Abraham_Aranguren.pdf|OWTF Summer StormShort]]; Abraham Aranguren | * [[Media:OWTF--Summer_StormShort_-_Abraham_Aranguren.pdf|OWTF Summer StormShort]]; Abraham Aranguren | ||
| + | * [Media:OWASP_Hackademic_Challenges_-_Konstantinos_Papapanagiotou+Spyros_Gasteratos.pdf|OWASP Hackademic Challenges]]; Konstantinos Papapanagiotou | ||
* [[Media:SPaCIoS_-_Luca_Compagna.pdf|SPaCIoS]]; Luca Viganò, Luca Compagna | * [[Media:SPaCIoS_-_Luca_Compagna.pdf|SPaCIoS]]; Luca Viganò, Luca Compagna | ||
| − | |||
<!-- | <!-- | ||
* OSS [[Media:]]; Dinis Cruz | * OSS [[Media:]]; Dinis Cruz | ||
* OSS [[Media:]]; Juray Somorowsky | * OSS [[Media:]]; Juray Somorowsky | ||
--> | --> | ||
| − | * [[Media:Closing_Note_-_Dieter_Gollmann.pdf| | + | * Closing Note: [[Media:Closing_Note_-_Dieter_Gollmann.pdf|Access Control of the Web – The Web of Access Control]]; Dieter Gollmann |
* [[Media:Closing-Ceremony_-_Dirk_Wetter.pdf|Closing Ceremony]]; Dirk Wetter | * [[Media:Closing-Ceremony_-_Dirk_Wetter.pdf|Closing Ceremony]]; Dirk Wetter | ||
Revision as of 09:36, 3 October 2013
For a more detailed description of everything see our main AppSec Research 2013 Web Site.
Presentations
Videos
Videos from the talks are available here for Großer Saal and Aussichtsreich + Freiraum.
Slides
Quick links to the presentations. All slides are under CC-BY-SA license.
Thursday 22. August
- Welcome Note; Dirk Wetter
- Keynote: Busting The Myth of Dancing Pigs: Angela's Top 10 list of reasons why users bypass security measures
- OWASP: Where we are... Where we are going
- A Qualitative Comparison of SSL Validation Alternatives; Henning Perl, Michael Brenner
- Recipes for enabling HTTPS; Thomas Herlea, Neils Boucke, Johann Peeters
- A Perfect CRIME? TIME Will Tell; Tal Be'ery
- Hunting Down Broken SSL in Android Apps; Marian Harbach, Matthew Smith
- HTTP(S) - Based Clustering for Assisted Cybercrime Investigations; Marco Balduzzi
- Improving the Security of Session Management in Web Applications; Philippe DeRyck
- A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks; Bastian Braun
- Experience made in Technical Due Diligence; Amir Alsbih
- OWASP - CISO Guide and CISO report 2013 for managers; Tobias Gondrom
- Real World Agile SDLC; Chris Eng, Ryan O'Boyle
- OWASP Top 10 Proactive Controls; Jim Manico (external link: presentation done by Jason Johnson at http://prezi.com/_oug648-i4yr/owasp-top-ten-defenses )
- CSP - the panacea for XSS or placebo; Taras Ivashchenko
- Security Testing Guidelines for mobile Apps; Florian_Stahl, Johannes Stroeher
- Keynote: HackPra Allstars Media:--comming soon--; Jörg Schwenk
- HackPra Allstars Rooting Your Internals; Michele Orru
- HackPra Allstars Media:--comming soon--; Paul Stone
- HackPra Allstars Burp Pro Tips and Tricks; Nicolas Grégoire
- HackPra Allstars Augmented Reality in your web proxy; Roberto Suggi Liverani
- OSS OWTF Summer StormShort (newer); Abraham Aranguren
Friday 23. August
- HTML5 - ALL THE THINGS; Thomas Roessler
- Making the Future Secure with Java; Milton Smith
- OWASP Top-10 2013; Dave Wichers
- WASC/OWASP WAFEC; Achim Hoffmann, Ofer Shezaf
- An Alternate Approach for SQLi Detection; Reto Ischi
- OWASP AppSensor - In Theory, In Practice and In Print; Colin Watson
- Introducing ASVS 2013; Sahba Kazerooni, Daniel Cuthbert
- Media:--comming soon--; Erlend Oftedal
- Insane in the IFRAME; David Ross
- JS Libraries Insecurity; Stefano DiPaola
- Clickjacking Protection Under Non-trivial Circumstances; Sebastian Lekies, Martin Johns
- Origin Policy Enforcement in Modern Browsers; Federik Braun
- I am in your browser, pwning your stuff; Krzysztof Kotowicz
- Sandboxing Javascript; Lieven Desmet, Nick Nikiforakis
- RaspberryPi for the Infrastructure and hacker; Fred Donavan
- Minion - Making Security Accessible for Developers; Yvan Boily (download tar and open index.html in your browser; all sources are here)
- ZAP Innovations; Simon Benetts
- Do_You_Have a Scanner or Scanning Program; Dan Cornell
- OWTF Summer StormShort; Abraham Aranguren
- [Media:OWASP_Hackademic_Challenges_-_Konstantinos_Papapanagiotou+Spyros_Gasteratos.pdf|OWASP Hackademic Challenges]]; Konstantinos Papapanagiotou
- SPaCIoS; Luca Viganò, Luca Compagna
- Closing Note: Access Control of the Web – The Web of Access Control; Dieter Gollmann
- Closing Ceremony; Dirk Wetter
Welcome
The German OWASP Chapter is hosting the global OWASP AppSec Research 2013 conference in Hamburg, Germany from August 20-23. Hamburg is the second biggest city in Germany, located in the north. To quote New York Times: No one tells you how pretty Hamburg is. We do.
The AppSec Research conference will be a premier gathering of Information Security leaders, also it is going to have a research part.
Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.
The conference will be held from August 20-23, 2013 at the Emporio Hamburg. It's centrally located in the heart of the city with a splendid view over Binnen-, Aussenalster and River Elbe.
Facts in a nutshell
- Date
- Trainings: August 20-21, 2013
- Conference: August 22-23, 2013
- Location
- Emporio Hamburg
- Program
- Complete Program
- Trainings
- Open Source (Security) Showcase
- HackPra Allstars Track
- Events
- Dinner ...
- Sponsors
- Sponsorship Description, find out more here.
- Call for ...
- Closed:
May 15, was extended: May 22: Papers(Research). - Closed:
Presentations(Industry). Talk teasers are here, Program comming soon. - Closed:
Call for Trainings. Program is published - Closed:
OWASP Open Source (Security) Showcase (OSS) - Registration
- Is open, please see http://2013.appsec.eu/registration/ .
- Mailinglist
- please subscribe to: https://lists.owasp.org/mailman/listinfo/appseceu2013
- Partners + Supporters
- External Web Site
Sponsorship
AppSec Research is seeking for sponsors. We have several possibilities how you can promote your company, seek for employees and on the other side support the conference. Please find the description, pricing and possible items in a PDF here.
Thanks to our following sponsors
| Platin | ||
 | ||
| Gold | Silver | Bronze |
  
|
      
|
|
Call for {Presentations,Papers,Trainings}
We had there separate "Calls":
- Closed:
The Call for Papers is for the Research track - Closed:
Call for Presentations is the standard one for the regular tracks - Closed:
Call for Trainings
Ticket Challenge
Teams
Conference Orga
- Dirk Wetter (Chair)
- Kai Jendrian (Co-Chair)
- Birgit Bernskötter (External)
- Ingo Hanke
- Boris Hemkemeier
- Achim Hoffmann
- Martin Johns
- Hartwig Gelhausen
- Tobias Glemser
- Sebastien Deleersnyder
- Kelly Santalucia
- Sarah Baso
Contact: orga2013//lists/appsec/eu
- Twitter: @appseceu
- Twitter: @OWASP_de (German account)
