This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2012/Schedule/4-5-2012"
From OWASP
Mark.bristow (talk | contribs) |
Mark.bristow (talk | contribs) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 12: | Line 12: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd rowspan=2 | 9:00 AM - 9:50 AM | | width=72 valign=middle bgcolor=#7b8abd rowspan=2 | 9:00 AM - 9:50 AM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center rowspan=2 | [[OWASP_AppSec_DC_2012/Pentesting_Smart_Grid_Web_Apps|Pentesting Smart Grid Web Apps]]<br>video | [[media: ASDC12-Pentesting_Smart_Grid_Web_Apps.pdf|slides]]<br><br>Justin Searle |
| − | Justin Searle | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Friends_dont_let_friends_store_passwords_in_source_code|Friends don't let friends store passwords in source code]]<br>video | slides<br><br>Neil Matatall |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center rowspan=2 | [[OWASP_AppSec_DC_2012/Smart_Bombs_Mobile_Vulnerability_and_Exploitation|Smart Bombs: Mobile Vulnerability and Exploitation]]<br>video | [[media: ASDC12-Smart_Bombs_Mobile_Vulnerability_and_Exploitation.pdf|slides]]<br><br>Kevin Johnson, John Sawyer and Tom Eston |
| − | Neil Matatall | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=2 | [[OWASP_AppSec_DC_2012/Overcoming_the_Quality_vs_Quantity_Problem_in_SoftwareSecurity_Testing|Overcoming the Quality vs. Quantity Problem in Software |
| − | | | + | Security Testing]]<br>video | [[media: ASDC12-Overcoming_the_Quality_vs_Quantity_Problem_in_SoftwareSecurity_Testing.pdf|slides]]<br><br>Rafal Los |
| − | Kevin Johnson, John Sawyer and Tom Eston | ||
| − | | | ||
| − | Rafal Los | ||
|- | |- | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Web_Application_Defense_with_Bayesian_Attack_Analysis|Web Application Defense with Bayesian Attack Analysis]]<br>video | [[media: ASDC12-Web_Application_Defense_with_Bayesian_Attack_Analysis.pdf|slides]]<br><br>Ryan Barnett |
| − | Ryan Barnett | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 9:50 AM - 10:00 AM | | width=72 valign=middle bgcolor=#7b8abd | 9:50 AM - 10:00 AM | ||
| Line 28: | Line 24: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 10:00 AM - 10:50 AM | | width=72 valign=middle bgcolor=#7b8abd | 10:00 AM - 10:50 AM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Vulnerabilities_in_Industrial_Control_Systems|Vulnerabilities in Industrial Control Systems]]<br>video | slides<br><br>Kevin Hemsly |
| − | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Access_Control_Designs_and_Pitfalls|Access Control Designs and Pitfalls]]<br>video | [[media: ASDC12-Access_Control_Designs_and_Pitfalls.pdf|slides]]<br><br>Jim Manico | |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Software_Security_Goes_Mobile|Software Security Goes Mobile]]<br>video | slides<br><br>Jacob West |
| − | Jim Manico | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Baking_In_Security_Sweet_Secure_Cupcakes|Baking In Security, Sweet, Secure, Cupcakes]]<br>video | [[media: ASDC12-Baking_In_Security_Sweet_Secure_Cupcakes.pdf|slides]]<br><br>Ken Johnson and Matt Ahrens |
| − | | | ||
| − | Jacob West | ||
| − | | | ||
| − | Ken Johnson and Matt Ahrens | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 10:50 AM - 11:00 AM | | width=72 valign=middle bgcolor=#7b8abd | 10:50 AM - 11:00 AM | ||
| Line 41: | Line 33: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM | | width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/AMI_Security|AMI Security]]<br>video | [[media: ASDC12-AMI_Security.pdf|slides]]<br><br>John Sawyer and Don Weber |
| − | John Sawyer and Don Weber | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/SharePoint_Security_101|SharePoint Security 101]]<br>video | [[media: ASDC12-SharePoint_Security_101.pdf|slides]]<br><br>Rob Rachwald, Amichai Shulman and Noa Bar-Yosef |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Behind_Enemy_Lines__Practical_Triage_Approaches_to_MobileSecurity_Abroad__2012_Edition|Behind Enemy Lines - Practical& Triage Approaches to Mobile |
| − | Rob Rachwald | + | Security Abroad - 2012 Edition]]<br>video | [[media: ASDC12-Behind_Enemy_Lines_Practical_Triage_Approaches_to_MobileSecurity_Abroad_2012_Edition.pdf|slides]]<br><br>Justin Morehouse |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Understanding_IAST__More_Context_Better_Analysis|Understanding IAST - More Context, Better Analysis]]<br>video | [[media: ASDC12-Understanding_IAST_More_Context_Better_Analysis.pdf|slides]]<br><br>Jeff Williams |
| − | Justin Morehouse | ||
| − | | | ||
| − | Jeff Williams | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 1:30 PM | | width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 1:30 PM | ||
| Line 54: | Line 43: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 1:30 PM - 2:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 1:30 PM - 2:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Project_Basecamp_News_from_Camp_4|Project Basecamp: News from Camp 4]]<br>video | [[media:ASDC12-Project_Basecamp_News_from_Base_4.pdf|slides]]<br><br>Reid Wightman |
| − | Reid Wightman | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Enterprise_Security_API_ESAPI_for_C_Plus_Plus|Enterprise Security API (ESAPI) for C Plus Plus]]<br>video | [[media: ASDC12-Enterprise_Security_API_ESAPI_for_C_Plus_Plus.pdf|slides]]<br><br>Dan Amodio |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/WhackaMobile_II_Mobile_App_Pen_Testing_with_the_MobiSecLive_Environment|Whack-a-Mobile II: Mobile App Pen Testing with the MobiSec |
| − | Dan Amodio | + | Live Environment]]<br>video | [[media: ASDC12-WhackaMobile_II_Mobile_App_Pen_Testing_with_the_MobiSecLive_Environment.pdf|slides]]<br><br>Kevin Johnson and Tony Delagrange |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP AppSec DC 2012/Proactive risk mitigation within the Software Development Lifecycle (SDLC)|Proactive risk mitigation within the Software Development Lifecycle (SDLC)]]<br>video | [[media:ASDC12-Proactive_Risk_Mitigation_within_the_Software_Development_Lifecycle.pdf|slides]]<br><br>Joe White |
| − | Kevin Johnson and Tony Delagrange | ||
| − | | | ||
| − | |||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 2:20 PM - 2:30 PM | | width=72 valign=middle bgcolor=#7b8abd | 2:20 PM - 2:30 PM | ||
| Line 67: | Line 53: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Real_world_backdoors_on_industrial_devices|Real world backdoors on industrial devices]]<br>video | [[media: ASDC12-Real_world_backdoors_on_industrial_devices.pdf|slides]]<br><br>Ruben Santamarta |
| − | Ruben Santamarta | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Dynamic_DASTWAF_Integration|Dynamic DAST/WAF Integration]]<br>video | [[media: ASDC12-Dynamic_DASTWAF_Integration.pdf|slides]]<br><br>Ryan Barnett |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/An_InDepth_Introduction_to_the_Android_Permissions_Modeland_How_to_Secure_MultiComponent_Applications|An In-Depth Introduction to the Android Permissions Model, |
| − | Ryan Barnett | + | and How to Secure Multi-Component Applications]]<br>video | [[media: ASDC12-An_InDepth_Introduction_to_the_Android_Permissions_Modeland_How_to_Secure_MultiComponent_Applications.pdf|slides]]<br><br>Jeff Six |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Teaching_an_Old_Dog_New_Tricks_Securing_Development_withPMD|Teaching an Old Dog New Tricks: Securing Development with |
| − | Jeff Six | + | PMD]]<br>video | [[media: ASDC12-Teaching_an_Old_Dog_New_Tricks_Securing_Development_with_PMD.pdf|slides]]<br><br>Joe Hemler |
| − | | | ||
| − | Joe Hemler | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM | | width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM | ||
| Line 80: | Line 64: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Denial_of_Surface|Denial of Surface.]]<br>video | [[media: ASDC12-Denial_of_Surface.pdf|slides]]<br><br>Eireann Leverett |
| − | Eireann Leverett | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Cloudbased_dWAF_A_Real_World_Deployment_Case_Study|Cloud-based dWAF: A Real World Deployment Case Study]]<br>video | [[media: ASDC12-Cloudbased_dWAF_A_Real_World_Deployment_Case_Study.pdf|slides]]<br><br>Alexander Meisel |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Android_in_the_Healthcare_Workplace_A_Case_Study|Android in the Healthcare Workplace: A Case Study]]<br>video | [[media: ASDC12-Android_in_the_Healthcare_Workplace_A_Case_Study.pdf|slides]]<br><br>Thomas Richards |
| − | Alexander Meisel | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors|What can an Acquirer do to prevent developers from make |
| − | | | + | dangerous software errors?]]<br>No video avail | [[media: ASDC12-What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors.pdf|slides]]<br><br>Michele Moss and Don Davidson |
| − | | | ||
| − | Michele Moss and Don Davidson | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM | | width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM | ||
| Line 92: | Line 74: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Securing_Critical_Infrastructure|Securing Critical Infrastructure]]<br>video | [[media: ASDC12-Securing_Critical_Infrastructure.pdf|slides]]<br><br>Francis Cianfrocca and Bob Lam |
| − | Francis Cianfrocca | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Using_PHPIDS_to_Understand_Attacks_Trends|Using PHPIDS to Understand Attacks Trends]]<br>video | [[media: ASDC12-Using_PHPIDS_to_Understand_Attacks_Trends.pdf|slides]]<br><br>Salvador Grec |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Mobile_Application_Security__Who_how_and_why|Mobile Application Security - Who, how and why]]<br>video | [[media: ASDC12-Mobile_Application_Security_Who_how_and_why.pdf|slides]]<br><br>Mike Park and Charles Henderson |
| − | Salvador Grec | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Private_information_Protection_in_Cloud_Computing___LawsCompliance_and_Cloud_Security_Misconceptions|Private information Protection in Cloud Computing _ Laws, |
| − | | | + | Compliance and Cloud Security Misconceptions]]<br>video | [[media: ASDC12-Private_information_Protection_in_Cloud_Computing_LawsCompliance_and_Cloud_Security_Misconceptions.pdf|slides]]<br><br>Mikhail Utin and Daniil Utin |
| − | Mike Park and Charles Henderson | ||
| − | | | ||
| − | Mikhail Utin and Daniil Utin | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 5:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 5:20 PM | ||
| valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Closing Remarks<br>Room 202A | | valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Closing Remarks<br>Room 202A | ||
|} | |} | ||
