
Difference between revisions of "AppSecResearch2012"

From OWASP
Line 697: Line 697:
 
|-
 
|-
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:30-10:00  
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:30-10:00  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Welcome <br> OWASP Foundation, Where we are… Where we are Going <br> OWASP Board
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[https://www.owasp.org/images/6/6b/AppSecEU2012_Welcome.pdf Welcome]] <br> OWASP Foundation, Where we are… Where we are Going <br> OWASP Board
 
|-
 
|-
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:45  
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:45  
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Software Security Goes Mobile <br>Jacob West, CTO, Fortify Products, HP
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Software Security Goes Mobile <br>Jacob West, CTO, Fortify Products, HP
 +
Video | [[https://www.owasp.org/images/0/0f/AppSecEU2012_SS_goes_mobile.pdf Slides]]
 
|-
 
|-
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:45-11:00  
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:45-11:00  
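Review bot: the Welcome link added in this hunk wraps an external URL in double brackets (`[[https://www.owasp.org/images/6/6b/AppSecEU2012_Welcome.pdf Welcome]]`); MediaWiki external links take single brackets, `[https://www.owasp.org/images/6/6b/AppSecEU2012_Welcome.pdf Welcome]`, and the double-bracket form renders with an extra pair of literal square brackets around the link text. Every slide link in this revision uses the same form, and the "Video" label added to the keynote row is plain text with no target, so either link the recording or leave the label out until one exists.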
Line 709: Line 710:
 
Justin Clarke<br>
 
Justin Clarke<br>
 
''(Gotham Digital Science)''
 
''(Gotham Digital Science)''
 +
Video | Slides
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | OWASP Top Ten Defensive Techniques<br>
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | OWASP Top Ten Defensive Techniques<br>
 
Jim Manico<br>
 
Jim Manico<br>
 
''(Whitehat)''
 
''(Whitehat)''
 
+
Video | [[https://www.owasp.org/images/3/3a/AppSecEU2012_Top_Ten_Defenses.pdf Slides]]
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" |(P) Screw You and the Script You Rode in On<br>
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" |(P) Screw You and the Script You Rode in On<br>
 
David Byrne and Charles Henderson<br>
 
David Byrne and Charles Henderson<br>
 
''(Trustwave)''
 
''(Trustwave)''
 
+
Video | [[https://www.owasp.org/images/3/32/AppSecEU2012_WhatPermissionsDoesYourDatabaseUserREALLYNeed.pdf Slides]]
 
|-
 
|-
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:40-11:50  
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:40-11:50  
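Review bot: the slide link added for "Screw You and the Script You Rode in On" (David Byrne and Charles Henderson, Trustwave) points at AppSecEU2012_WhatPermissionsDoesYourDatabaseUserREALLYNeed.pdf, which is the deck for Dan Cornell's "What Permissions Does Your Database User REALLY Need?" linked in the next hunk; this looks like a copy-paste slip, so check the upload for the Trustwave talk and relink it. The Justin Clarke row gets a bare "Video | Slides" with neither word linked.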
Line 726: Line 728:
 
''Dave Wichers<br>
 
''Dave Wichers<br>
 
(Aspect Security)''
 
(Aspect Security)''
 
+
Video | [[https://www.owasp.org/images/3/30/AppSecEU2012_DOM-based_XSS.pdf Slides]]
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (P) Breaking is easy, preventing is hard
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (P) Breaking is easy, preventing is hard
 
''Matias Madou<br>
 
''Matias Madou<br>
 
(HP)''
 
(HP)''
 +
Video | [[https://www.owasp.org/images/2/2e/AppSecEU2012_BreakingIsEasyPreventingIsHardReWrite.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | What Permissions Does Your Database User REALLY Need?
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | What Permissions Does Your Database User REALLY Need?
 
''Dan Cornell<br>
 
''Dan Cornell<br>
 
(Denim Group)''
 
(Denim Group)''
 +
Video | [[https://www.owasp.org/images/3/32/AppSecEU2012_WhatPermissionsDoesYourDatabaseUserREALLYNeed.pdf Slides]]
  
 
|-
 
|-
Line 743: Line 747:
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote:  From EasySQL to CPUs<br>
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote:  From EasySQL to CPUs<br>
 
''Duncan Harris, Director of Security Assurance, Oracle''
 
''Duncan Harris, Director of Security Assurance, Oracle''
 +
Video | [[https://www.owasp.org/images/1/15/AppSecEU2012_Oracle.pdf Slides]]
  
 
|-
 
|-
Line 752: Line 757:
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Finding Malware on a Web Scale<br>
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Finding Malware on a Web Scale<br>
 
''Ben Livshits, Researcher, Microsoft Research''
 
''Ben Livshits, Researcher, Microsoft Research''
 +
Video | [[https://www.owasp.org/images/0/05/AppSecEU2012_Livshits.pdf Slides]]
 +
 
|-
 
|-
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:20  
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:20  
Line 763: Line 770:
 
(Watson Hall)
 
(Watson Hall)
 
''
 
''
 +
Video | [[https://www.owasp.org/images/0/06/AppSecEU2012_Spaghetti.pdf Slides]]
 +
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | CISO’s Guide to Securing SharePoint
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | CISO’s Guide to Securing SharePoint
 
''Tsvika Klein<br>
 
''Tsvika Klein<br>
 
(Imperva)''
 
(Imperva)''
 +
Video | [[https://www.owasp.org/images/b/b1/AppSecEU2012_CISOs_Guide_to_Sharepoint.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST
 
''Ofer Maor<br>
 
''Ofer Maor<br>
 
(Seeker Security)''
 
(Seeker Security)''
 +
Video | [[Slides]]
  
 
|-
 
|-
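Review bot: the Ofer Maor row adds `[[Slides]]`, which is an internal wikilink to a page titled "Slides" (a red link, since no such page exists), not a placeholder; the same `[[Slides]]` or `[[ Slides]]` appears later in this diff in the Javed, Cruz, Spinellis, De Vries, Hoff and Pinto/Santos rows. Leave the label as plain text until the PDF is uploaded, then use the `[https://www.owasp.org/images/... Slides]` form the other rows use.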
Line 780: Line 791:
 
''Ashar Javed<br>
 
''Ashar Javed<br>
 
(Ruhr University Bochum)''
 
(Ruhr University Bochum)''
 +
Video | [[Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | Things Your Smartphone Does When Nobody’s Looking
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | Things Your Smartphone Does When Nobody’s Looking
 
''Chris Eng<br>
 
''Chris Eng<br>
 
(Veracode)''
 
(Veracode)''
 +
Video | [[https://www.owasp.org/images/c/cf/AppSecEU2012_Mobile_Risks.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) Achieving Sustainable Delivery of Web Application Security Virtual Laboratory Resources for Distance Learning
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) Achieving Sustainable Delivery of Web Application Security Virtual Laboratory Resources for Distance Learning
 
A''drian Winckles and Ibrahim Jeries<br>
 
A''drian Winckles and Ibrahim Jeries<br>
 
(Anglia Ruskin University)''
 
(Anglia Ruskin University)''
 +
Video | [[https://www.owasp.org/images/c/c4/AppSecEU2012_Winckles.pdf Slides]]
  
  
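Review bot: the italic markup in the Winckles/Jeries row opens after the first letter (`A''drian Winckles and Ibrahim Jeries<br>`), so the stray "A" sits outside the italics; this is pre-existing in both columns but worth fixing while the row is being edited: `''Adrian Winckles and Ibrahim Jeries<br>`.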
Line 794: Line 808:
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Panel - PCI Security Standards and Application Security<br>
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Panel - PCI Security Standards and Application Security<br>
 
''Jeremy King (PCI Council)''
 
''Jeremy King (PCI Council)''
 +
Video | [[https://www.owasp.org/images/a/ad/AppSecEU2012_PCI.pdf Slides]]
 +
 
|-
 
|-
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 20:00  
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 20:00  
Line 827: Line 843:
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: A Decade of Software Security: From the Bug Parade to the BSIMM
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: A Decade of Software Security: From the Bug Parade to the BSIMM
 
''Gary McGraw, CTO, Cigital''
 
''Gary McGraw, CTO, Cigital''
 +
Video | [[https://www.owasp.org/images/e/eb/AppSecEU2012_zombies_decade_swsec12.pdf Slides]]
 +
 
|-
 
|-
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:55-10:05  
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:55-10:05  
Line 837: Line 855:
 
''Kachhadiya Rakeshkumar and Benoist Emmanuel<br>
 
''Kachhadiya Rakeshkumar and Benoist Emmanuel<br>
 
(Albert Ludwigs Universität Freiburg and Berne University of Applied Sciences)''
 
(Albert Ludwigs Universität Freiburg and Berne University of Applied Sciences)''
 +
Video | [[https://www.owasp.org/images/e/e6/AppSecEU2012_Benoist.pdf Slides]]
 +
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (D) Benchmarking Web Application Scanners for YOUR Organization
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (D) Benchmarking Web Application Scanners for YOUR Organization
 
''Dan Cornell<br>
 
''Dan Cornell<br>
 
(Denim Group)''
 
(Denim Group)''
 +
Video | [[https://www.owasp.org/images/a/a8/AppSecEU2012_ScannerBenchmarking.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (D) The “cree.py” side of geolocation. Weaponizing your checkins
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (D) The “cree.py” side of geolocation. Weaponizing your checkins
 
''Ioannis Kakavas<br>
 
''Ioannis Kakavas<br>
 
(IT Advisor)''
 
(IT Advisor)''
 +
Video | [[https://www.owasp.org/images/8/82/AppSecEU2012_creepy.pdf Slides]]
  
  
Line 856: Line 878:
 
''Dinis Cruz<br>
 
''Dinis Cruz<br>
 
(Security Innovation)''
 
(Security Innovation)''
 +
Video | [[ Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (P) Data Mining a Mountain of Zero Day Vulnerabilities
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (P) Data Mining a Mountain of Zero Day Vulnerabilities
 
''Chris Eng<br>
 
''Chris Eng<br>
 
(Veracode)''
 
(Veracode)''
 +
Video | [[https://www.owasp.org/images/f/f5/AppSecEU2012_Data_Mining_Zero_Day.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) Anticipating Surprise – Fundamentals of Intelligence Gathering
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) Anticipating Surprise – Fundamentals of Intelligence Gathering
 
''Fred Donovan<br>
 
''Fred Donovan<br>
 
(Attack Logic)''
 
(Attack Logic)''
 
+
Video | [[https://www.owasp.org/images/7/7d/AppSecEU2012_Anticipating_Surprise.pdf Slides]]
  
 
|-
 
|-
Line 878: Line 902:
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote:  Fatal Injection (and what you can do about it)
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote:  Fatal Injection (and what you can do about it)
 
''Diomidis Spinellis, Professor, Athens University of Economics and Business''
 
''Diomidis Spinellis, Professor, Athens University of Economics and Business''
 +
Video | [[Slides]]
  
 
|-
 
|-
Line 890: Line 915:
 
''Tony Ucedavelez<br>
 
''Tony Ucedavelez<br>
 
(VerSprite)''
 
(VerSprite)''
 +
Video | [[https://www.owasp.org/images/a/aa/AppSecEU2012_PASTA.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (P) Can Correlations Secure Web Application?
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (P) Can Correlations Secure Web Application?
 
''Ofer Shezaf<br>
 
''Ofer Shezaf<br>
 
(HP)''  
 
(HP)''  
 +
Video | [[https://www.owasp.org/images/2/26/AppSecEU2012_Correlations.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (D) BDD for Automating Web Application Testing
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (D) BDD for Automating Web Application Testing
 
''Stephen De Vries<br>
 
''Stephen De Vries<br>
 
(Continuum Security)''
 
(Continuum Security)''
 
+
Video | [[Slides]]
  
 
|-
 
|-
Line 909: Line 936:
 
''Jerry Hoff<br>
 
''Jerry Hoff<br>
 
(Whitehat)''
 
(Whitehat)''
 +
Video | [[Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (D) Using Hash-based Message Authentication Code Protocol to Reduce Web Application Attack Surface
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | (D) Using Hash-based Message Authentication Code Protocol to Reduce Web Application Attack Surface
 
''Breno Pinto and Luiz Eduardo Santos<br>
 
''Breno Pinto and Luiz Eduardo Santos<br>
 
(Trustwave)''
 
(Trustwave)''
 +
Video | [[Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (D) Advanced CSRF and Stateless Anti-CSRF
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (D) Advanced CSRF and Stateless Anti-CSRF
 
''John Wilander<br>
 
''John Wilander<br>
 
(Svenska Handelbanken and Linköpings universitet)''
 
(Svenska Handelbanken and Linköpings universitet)''
 
+
Video | [[https://www.owasp.org/images/e/e6/AppSecEU2012_Wilander.pdf Slides]]
  
 
|-
 
|-
Line 930: Line 959:
 
''Charles Henderson<br>
 
''Charles Henderson<br>
 
(Trustwave)''
 
(Trustwave)''
 +
Video | [[https://www.owasp.org/images/e/eb/AppSecEU2012_Anatomy_of_a_Logic_Flaw.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | 2012 Global Security Report
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" | 2012 Global Security Report
 
''Tom Brennan<br>
 
''Tom Brennan<br>
 
(Trustwave)''
 
(Trustwave)''
 +
Video | [[https://www.owasp.org/images/a/ad/AppSecEU2012_PCI.pdf Slides]]
  
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) The Invisible Threat – MitB (Man in the Browser)
 
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | (P) The Invisible Threat – MitB (Man in the Browser)
 
''Uri Fleyder<br>
 
''Uri Fleyder<br>
 
(RSA Security)''
 
(RSA Security)''
 +
Video | [[https://www.owasp.org/images/1/1f/AppSecEU2012_MitB.pdf Slides]]
  
  
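Review bot: the slide link added for Tom Brennan's "2012 Global Security Report" is AppSecEU2012_PCI.pdf, the same file added for the "PCI Security Standards and Application Security" panel (Jeremy King) earlier in this diff; unless the report talk reused the panel deck, this is the wrong upload.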
Line 948: Line 980:
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Jackpotting Mobile Apps
 
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Jackpotting Mobile Apps
 
Christian Papathanasiou
 
Christian Papathanasiou
 +
Video | [[https://www.owasp.org/images/f/f6/AppSecEU2012_Jackpotting.pdf Slides]]
  
 
|-
 
|-

Revision as of 11:53, 3 October 2012



We are happy to announce that the OWASP Greek Chapter will be hosting AppSec Research 2012 in Athens, Greece.

This conference is effectively OWASP AppSec Europe. Every two years we add "Research" to the name to highlight that we invite both industry and academia to participate and share thoughts, knowledge and insight on application security.

OWASP AppSec Research is the European conference for anyone interested in application security.

This year it will be hosted by the Department of Informatics and Telecommunications of the University of Athens, Greece, and will take place on July 10-13.

The first OWASP AppSec Research conference was held in Stockholm in 2010.


AppSec Research Conference Website



@appseceu Twitter feed (follow us on Twitter!)


Social Events

During OWASP AppSec Research we are organizing a variety of social events:


Tuesday, July 10th at 20:30 – Welcome drinks at Cafe Avissinia


The OWASP AppSec Research team will be at Cafe Avissinia and would like to invite all trainers, trainees, uni challenge participants and anyone else who happens to be in Athens to join us. Drinks at Cafe Avissinia are reasonably priced, the food is amazingly good and the view of the Acropolis is magnificent. Cafe Avissinia is located at Avissinias Square near the Monastiraki Metro Station. For a map and instructions please see here.

Wednesday, July 11th at 20:30 – OWASP Band Performance


No explanation required: the OWASP band feat. Gary McGraw will give a rare, outstanding performance, as usual, on the evening of Wednesday, July 11th at Ya cafe. For a map and instructions please see here.

Opening Act: The Weather Underground




Thursday, July 12th at 20:00 – Conference Cocktail

All conference attendees, sponsors and volunteers are invited to the Conference Cocktail at the "Kostis Palamas" building on Thursday, July 12th. The cocktail will start at 20:00.

The "Kostis Palamas" building was built in 1857 and at the time housed the university's medical and physics labs. It has since been renovated and is used as a cultural centre and a meeting point for the university community. It is one of the historic buildings of Athens, with characteristic architecture, design and decoration.


"Kostis Palamas" is located at 48 Academias str. and the nearest metro station is Panepistimio. To get there from Evangelismos station, take the line towards Egaleo and get off at the next stop (Syntagma); then go to the red line platform towards Aghios Antonios and get off at the next stop, Panepistimio. Use the exit labelled "Panepistimiou Str (Athens Academy)" to leave the station. Once you exit, head left, walking between the imposing buildings. Cross the first street you come to (Academias str.) and the Kostis Palamas building is on your right.

Alternatively, at that time of day a taxi should need approximately 10 minutes to get from the Divani Caravel to the Kostis Palamas building. Giving the driver the exact address (48 Academias str.) is enough.

The music is provided by the student e-radio station: