This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AppSecUSA 2012.com"
From OWASP
(→Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements) |
|||
| Line 10: | Line 10: | ||
==== Top Ten Web Defenses ==== | ==== Top Ten Web Defenses ==== | ||
| − | *'''Jim Manico''' | Mobile | + | *'''Jim Manico''' | Mobile | PDF |
==== Mobile Applications & Proxy Shenanigans ==== | ==== Mobile Applications & Proxy Shenanigans ==== | ||
| − | *'''Dan Amodio''' | Mobile | + | *'''Dan Amodio''' | Mobile | PDF |
==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ==== | ==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ==== | ||
| − | *'''Alejandro Caceres''' | Reverse Engineering | + | *'''Alejandro Caceres''' | Reverse Engineering | PDF |
==== Gauntlt: Rugged by Example ==== | ==== Gauntlt: Rugged by Example ==== | ||
| − | *'''Jeremiah Shirk''' | Rugged devops | + | *'''Jeremiah Shirk''' | Rugged devops | PDF |
=== 11:00 am - 11:45 am === | === 11:00 am - 11:45 am === | ||
| Line 26: | Line 26: | ||
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ==== | ==== Building a Web Attacker Dashboard with ModSecurity and BeEF ==== | ||
| − | *'''Ryan Barnett''' | Attack | + | *'''Ryan Barnett''' | Attack | PDF |
==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ==== | ==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ==== | ||
| − | *'''Sherif Koussa''' | Developer | + | *'''Sherif Koussa''' | Developer | PDF |
==== Cracking the Code of Mobile Application ==== | ==== Cracking the Code of Mobile Application ==== | ||
| − | *'''Sreenarayan Ashokkumar''' | Mobile | + | *'''Sreenarayan Ashokkumar''' | Mobile | PDF |
==== Hacking .NET Application: Reverse Engineering 101 ==== | ==== Hacking .NET Application: Reverse Engineering 101 ==== | ||
| − | *'''Jon Mccoy''' | Reverse Engineering | + | *'''Jon Mccoy''' | Reverse Engineering | PDF |
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ==== | ==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ==== | ||
| − | *'''Josh Corman''' | Rugged devops | + | *'''Josh Corman''' | Rugged devops | PDF |
=== 2:00 pm - 2:45 pm === | === 2:00 pm - 2:45 pm === | ||
| Line 45: | Line 45: | ||
==== Hacking with WebSockets ==== | ==== Hacking with WebSockets ==== | ||
| − | *'''Vaagn Toukharian''' | Attack | + | *'''Vaagn Toukharian''' | Attack | PDF |
==== Bug Bounty Programs ==== | ==== Bug Bounty Programs ==== | ||
| Line 51: | Line 51: | ||
==== How we tear into that little green man ==== | ==== How we tear into that little green man ==== | ||
| − | *'''Mathew Rowley''' | Mobile | + | *'''Mathew Rowley''' | Mobile | PDF |
==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ==== | ==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ==== | ||
| − | *'''Jerry Hoff''' | Developer | + | *'''Jerry Hoff''' | Developer | PDF |
==== Put your robots to work: security automation at Twitter ==== | ==== Put your robots to work: security automation at Twitter ==== | ||
| − | *'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | + | *'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | PDF |
=== 3:00 pm - 3:45 pm === | === 3:00 pm - 3:45 pm === | ||
| Line 64: | Line 64: | ||
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ==== | ==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ==== | ||
| − | *'''Michele Orru''' | Attack | + | *'''Michele Orru''' | Attack | PDF |
==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ==== | ==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ==== | ||
| − | *'''Shay Chen''' | Developer | + | *'''Shay Chen''' | Developer | PDF |
==== Demystifying Security in the Cloud: AWS Scout ==== | ==== Demystifying Security in the Cloud: AWS Scout ==== | ||
| − | *'''Jonathan Chittenden''' | Cloud | + | *'''Jonathan Chittenden''' | Cloud | PDF |
==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ==== | ==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ==== | ||
| − | *'''Ofer Maor''' | Developer | + | *'''Ofer Maor''' | Developer | PDF |
==== Rebooting (secure) software development with continuous deployment ==== | ==== Rebooting (secure) software development with continuous deployment ==== | ||
| − | *'''Nick Galbreath''' | Rugged devops | + | *'''Nick Galbreath''' | Rugged devops | PDF |
=== 4:00 pm - 4:45 pm === | === 4:00 pm - 4:45 pm === | ||
| Line 83: | Line 83: | ||
==== Cross Site Port Scanning ==== | ==== Cross Site Port Scanning ==== | ||
| − | *'''Riyaz Walikar''' | Attack | + | *'''Riyaz Walikar''' | Attack | PDF |
==== Analyzing and Fixing Password Protection Schemes ==== | ==== Analyzing and Fixing Password Protection Schemes ==== | ||
| − | *'''John Steven''' | Developer | + | *'''John Steven''' | Developer | PDF |
==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ==== | ==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ==== | ||
| − | *'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | + | *'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | PDF |
==== WTF - WAF Testing Framework ==== | ==== WTF - WAF Testing Framework ==== | ||
| − | *'''Yaniv Azaria, Amichai Shulman''' | Architecture | + | *'''Yaniv Azaria, Amichai Shulman''' | Architecture | PDF |
==== DevOps Distilled: The DevOps Panel at AppSec USA ==== | ==== DevOps Distilled: The DevOps Panel at AppSec USA ==== | ||
| − | *'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | + | *'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | PDF |
== Friday 26th Oct == | == Friday 26th Oct == | ||
Revision as of 04:08, 18 November 2012
- AppSecUSA Presentations and Talks
- 1 Thursday 25th Oct
- 1.1 10:00 am - 10:45 am
- 1.2 11:00 am - 11:45 am
- 1.2.1 Building a Web Attacker Dashboard with ModSecurity and BeEF
- 1.2.2 Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews
- 1.2.3 Cracking the Code of Mobile Application
- 1.2.4 Hacking .NET Application: Reverse Engineering 101
- 1.2.5 Doing the unstuck: How Rugged cultures drive Biz & AppSec Value
- 1.3 2:00 pm - 2:45 pm
- 1.4 3:00 pm - 3:45 pm
- 1.4.1 Exploiting Internal Network Vulns via the Browser using BeEF Bind
- 1.4.2 The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)
- 1.4.3 Demystifying Security in the Cloud: AWS Scout
- 1.4.4 I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST
- 1.4.5 Rebooting (secure) software development with continuous deployment
- 1.5 4:00 pm - 4:45 pm
- 2 Friday 26th Oct
- 2.1 10:00 am - 10:45 am
- 2.2 11:00 am - 11:45 am
- 2.2.1 The Same-Origin Saga
- 2.2.2 Hack your way to a degree: a new direction in teaching application security at universities
- 2.2.3 The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems
- 2.2.4 Blended Threats and JavaScript: A Plan for Permanent Network Compromise
- 2.2.5 Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards
- 2.3 1:00 pm - 1:45 pm
- 2.4 2:00 pm - 2:45 pm
- 2.4.1 Get off your AMF and don’t REST on JSON
- 2.4.2 Unraveling Some of the Mysteries around DOM-Based XSS
- 2.4.3 Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs
- 2.4.4 XSS & CSRF with HTML5 - Attack, Exploit and Defense
- 2.4.5 The Application Security Ponzi Scheme: Stop paying for security failure
- 2.5 3:00 pm - 3:45 pm
- 2.6 4:00 pm - 4:45 pm
Thursday 25th Oct
10:00 am - 10:45 am
Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements
- John Benninghoff | Developer | PDF
Top Ten Web Defenses
- Jim Manico | Mobile | PDF
Mobile Applications & Proxy Shenanigans
- Dan Amodio | Mobile | PDF
Reverse Engineering “Secure” HTTP APIs With An SSL Proxy
- Alejandro Caceres | Reverse Engineering | PDF
Gauntlt: Rugged by Example
- Jeremiah Shirk | Rugged devops | PDF
11:00 am - 11:45 am
Building a Web Attacker Dashboard with ModSecurity and BeEF
- Ryan Barnett | Attack | PDF
Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews
- Sherif Koussa | Developer | PDF
Cracking the Code of Mobile Application
- Sreenarayan Ashokkumar | Mobile | PDF
Hacking .NET Application: Reverse Engineering 101
- Jon Mccoy | Reverse Engineering | PDF
Doing the unstuck: How Rugged cultures drive Biz & AppSec Value
- Josh Corman | Rugged devops | PDF
2:00 pm - 2:45 pm
Hacking with WebSockets
- Vaagn Toukharian | Attack | PDF
Bug Bounty Programs
- Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer
How we tear into that little green man
- Mathew Rowley | Mobile | PDF
AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life
- Jerry Hoff | Developer | PDF
Put your robots to work: security automation at Twitter
- Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | PDF
3:00 pm - 3:45 pm
Exploiting Internal Network Vulns via the Browser using BeEF Bind
- Michele Orru | Attack | PDF
The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)
- Shay Chen | Developer | PDF
Demystifying Security in the Cloud: AWS Scout
- Jonathan Chittenden | Cloud | PDF
I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST
- Ofer Maor | Developer | PDF
Rebooting (secure) software development with continuous deployment
- Nick Galbreath | Rugged devops | PDF
4:00 pm - 4:45 pm
Cross Site Port Scanning
- Riyaz Walikar | Attack | PDF
Analyzing and Fixing Password Protection Schemes
- John Steven | Developer | PDF
Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods
- Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | PDF
WTF - WAF Testing Framework
- Yaniv Azaria, Amichai Shulman | Architecture | PDF
DevOps Distilled: The DevOps Panel at AppSec USA
- Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | PDF
Friday 26th Oct
10:00 am - 10:45 am
Effective approaches to web application security
- Zane Lackey | Developer
Why Web Security Is Fundamentally Broken
- Jeremiah Grossman | Developer
Payback on Web Attackers: Web Honeypots
- Simon Roses Femerling | Architecture
Spin the bottle: Coupling technology and SE for one awesome hack
- David Kennedy | Attack
Incident Response: Security After Compromise
- Richard Bejtlich | Case Studies
11:00 am - 11:45 am
The Same-Origin Saga
- Brendan Eich | Developer
Hack your way to a degree: a new direction in teaching application security at universities
- Konstantinos Papapanagiotou | Developer
The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems
- Dan Cornell, Josh Sokol | Architecture
Blended Threats and JavaScript: A Plan for Permanent Network Compromise
- Phil Purviance | Attack
Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards
- Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies
1:00 pm - 1:45 pm
Builders Vs. Breakers
- Brett Hardin, Matt Konda, Jon Rose | Developer
Real World Cloud Application Security
- Jason Chan | Cloud
NoSQL, no security?
- Will Urbanski | Architecture
SQL Server Exploitation, Escalation, and Pilfering
- Antti Rantasaari, Scott Sutherland | Attack
Iran's real life cyberwar
- Phillip Hallam-Baker | Case Studies
2:00 pm - 2:45 pm
Get off your AMF and don’t REST on JSON
- Dan Kuykendall | Developer
Unraveling Some of the Mysteries around DOM-Based XSS
- Dave Wichers | Developer
Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs
- Tobias Gondrom | Architecture
XSS & CSRF with HTML5 - Attack, Exploit and Defense
- Shreeraj Shah | Attack
The Application Security Ponzi Scheme: Stop paying for security failure
- Jarret Raim, Matt Tesauro | Case Studies
3:00 pm - 3:45 pm
Using Interactive Static Analysis for Early Detection of Software Vulnerabilities
- Bill Chu | Developer
Origin(al) Sins
- Alex Russell | Developer
The 7 Qualities of Highly Secure Software
- Mano 'dash4rk' Paul | Architecture
Web Framework Vulnerabilities
- Abraham Kang | Attack
Web App Crypto - A Study in Failure
- Travis H | Case Studies
4:00 pm - 4:45 pm
Security at Scale
- Yvan Boily | Developer
Four Axes of Evil
- HD Moore | Developer
Pining For the Fjords: The Role of RBAC in Today's Applications
- Wendy Nather | Architecture
Counterintelligence Attack Theory
- Fred Donovan | Attack
Top Strategies to Capture Security Intelligence for Applications
- John Dickson | Case Studies
