Difference between revisions of "AppSecUSA 2012.com"

Revision as of 04:08, 18 November 2012 (view source) Nishi (talk | contribs) (→‎Bug Bounty Programs) ← Older edit		Revision as of 04:10, 18 November 2012 (view source) Nishi (talk | contribs) Newer edit →
Line 103:		Line 103:
	==== Effective approaches to web application security ====		==== Effective approaches to web application security ====
−	*'''Zane Lackey''' | Developer	+	*'''Zane Lackey''' | Developer | PDF
	==== Why Web Security Is Fundamentally Broken ====		==== Why Web Security Is Fundamentally Broken ====
−	*'''Jeremiah Grossman''' | Developer	+	*'''Jeremiah Grossman''' | Developer | PDF
	==== Payback on Web Attackers: Web Honeypots ====		==== Payback on Web Attackers: Web Honeypots ====
−	*'''Simon Roses Femerling''' | Architecture	+	*'''Simon Roses Femerling''' | Architecture | PDF
	==== Spin the bottle: Coupling technology and SE for one awesome hack ====		==== Spin the bottle: Coupling technology and SE for one awesome hack ====
−	*'''David Kennedy''' | Attack	+	*'''David Kennedy''' | Attack | PDF
	==== Incident Response: Security After Compromise ====		==== Incident Response: Security After Compromise ====
−	*'''Richard Bejtlich''' | Case Studies	+	*'''Richard Bejtlich''' | Case Studies | PDF
	=== 11:00 am - 11:45 am ===		=== 11:00 am - 11:45 am ===
Line 122:		Line 122:
	==== The Same-Origin Saga ====		==== The Same-Origin Saga ====
−	*'''Brendan Eich''' | Developer	+	*'''Brendan Eich''' | Developer | PDF
	==== Hack your way to a degree: a new direction in teaching application security at universities ====		==== Hack your way to a degree: a new direction in teaching application security at universities ====
−	*'''Konstantinos Papapanagiotou''' | Developer	+	*'''Konstantinos Papapanagiotou''' | Developer | PDF
	==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====		==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====
−	*'''Dan Cornell, Josh Sokol''' | Architecture	+	*'''Dan Cornell, Josh Sokol''' | Architecture | PDF
	==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====		==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====
−	*'''Phil Purviance''' | Attack	+	*'''Phil Purviance''' | Attack | PDF
	==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====		==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
−	*'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies	+	*'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | PDF
	=== 1:00 pm - 1:45 pm ===		=== 1:00 pm - 1:45 pm ===
Line 141:		Line 141:
	==== Builders Vs. Breakers ====		==== Builders Vs. Breakers ====
−	*'''Brett Hardin, Matt Konda, Jon Rose''' | Developer	+	*'''Brett Hardin, Matt Konda, Jon Rose''' | Developer | PDF
	==== Real World Cloud Application Security ====		==== Real World Cloud Application Security ====
−	*'''Jason Chan''' | Cloud	+	*'''Jason Chan''' | Cloud | PDF
	==== NoSQL, no security? ====		==== NoSQL, no security? ====
−	*'''Will Urbanski''' | Architecture	+	*'''Will Urbanski''' | Architecture | PDF
	==== SQL Server Exploitation, Escalation, and Pilfering ====		==== SQL Server Exploitation, Escalation, and Pilfering ====
−	*'''Antti Rantasaari, Scott Sutherland''' | Attack	+	*'''Antti Rantasaari, Scott Sutherland''' | Attack | PDF
	==== Iran's real life cyberwar ====		==== Iran's real life cyberwar ====
−	*'''Phillip Hallam-Baker''' | Case Studies	+	*'''Phillip Hallam-Baker''' | Case Studies | PDF
	=== 2:00 pm - 2:45 pm ===		=== 2:00 pm - 2:45 pm ===
Line 160:		Line 160:
	==== Get off your AMF and don’t REST on JSON ====		==== Get off your AMF and don’t REST on JSON ====
−	*'''Dan Kuykendall''' | Developer	+	*'''Dan Kuykendall''' | Developer | PDF
	==== Unraveling Some of the Mysteries around DOM-Based XSS ====		==== Unraveling Some of the Mysteries around DOM-Based XSS ====
−	*'''Dave Wichers''' | Developer	+	*'''Dave Wichers''' | Developer | PDF
	==== Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs ====		==== Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs ====
−	*'''Tobias Gondrom''' | Architecture	+	*'''Tobias Gondrom''' | Architecture | PDF
	==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====		==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====
−	*'''Shreeraj Shah''' | Attack	+	*'''Shreeraj Shah''' | Attack | PDF
	==== The Application Security Ponzi Scheme: Stop paying for security failure ====		==== The Application Security Ponzi Scheme: Stop paying for security failure ====
−	*'''Jarret Raim, Matt Tesauro''' | Case Studies	+	*'''Jarret Raim, Matt Tesauro''' | Case Studies | PDF
	=== 3:00 pm - 3:45 pm ===		=== 3:00 pm - 3:45 pm ===
Line 179:		Line 179:
	==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====		==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====
−	*'''Bill Chu''' | Developer	+	*'''Bill Chu''' | Developer | PDF
	==== Origin(al) Sins ====		==== Origin(al) Sins ====
−	*'''Alex Russell''' | Developer	+	*'''Alex Russell''' | Developer | PDF
	==== The 7 Qualities of Highly Secure Software ====		==== The 7 Qualities of Highly Secure Software ====
−	*'''Mano 'dash4rk' Paul''' | Architecture	+	*'''Mano 'dash4rk' Paul''' | Architecture | PDF
	==== Web Framework Vulnerabilities  ====		==== Web Framework Vulnerabilities  ====
−	*'''Abraham Kang''' | Attack	+	*'''Abraham Kang''' | Attack | PDF
	==== Web App Crypto - A Study in Failure ====		==== Web App Crypto - A Study in Failure ====
−	*'''Travis H''' | Case Studies	+	*'''Travis H''' | Case Studies | PDF
	=== 4:00 pm - 4:45 pm ===		=== 4:00 pm - 4:45 pm ===
Line 198:		Line 198:
	==== Security at Scale ====		==== Security at Scale ====
−	*'''Yvan Boily''' | Developer	+	*'''Yvan Boily''' | Developer | PDF
	==== Four Axes of Evil ====		==== Four Axes of Evil ====
−	*'''HD Moore''' | Developer	+	*'''HD Moore''' | Developer | PDF
	==== Pining For the Fjords: The Role of RBAC in Today's Applications ====		==== Pining For the Fjords: The Role of RBAC in Today's Applications ====
−	*'''Wendy Nather''' | Architecture	+	*'''Wendy Nather''' | Architecture | PDF
	==== Counterintelligence Attack Theory  ====		==== Counterintelligence Attack Theory  ====
−	*'''Fred Donovan''' | Attack	+	*'''Fred Donovan''' | Attack | PDF
	==== Top Strategies to Capture Security Intelligence for Applications ====		==== Top Strategies to Capture Security Intelligence for Applications ====
−	*'''John Dickson''' | Case Studies	+	*'''John Dickson''' | Case Studies | PDF
	<br>		<br>

---

Revision as of 04:10, 18 November 2012

• AppSecUSA Presentations and Talks

Thursday 25th Oct

10:00 am - 10:45 am

---

Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements

• John Benninghoff | Developer | PDF

Top Ten Web Defenses

• Jim Manico | Mobile | PDF

Mobile Applications & Proxy Shenanigans

• Dan Amodio | Mobile | PDF

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy

• Alejandro Caceres | Reverse Engineering | PDF

Gauntlt: Rugged by Example

• Jeremiah Shirk | Rugged devops | PDF

11:00 am - 11:45 am

---

Building a Web Attacker Dashboard with ModSecurity and BeEF

• Ryan Barnett | Attack | PDF

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews

• Sherif Koussa | Developer | PDF

Cracking the Code of Mobile Application

• Sreenarayan Ashokkumar | Mobile | PDF

Hacking .NET Application: Reverse Engineering 101

• Jon Mccoy | Reverse Engineering | PDF

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

• Josh Corman | Rugged devops | PDF

2:00 pm - 2:45 pm

---

Hacking with WebSockets

• Vaagn Toukharian | Attack | PDF

Bug Bounty Programs

• Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | PDF

How we tear into that little green man

• Mathew Rowley | Mobile | PDF

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

• Jerry Hoff | Developer | PDF

Put your robots to work: security automation at Twitter

• Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | PDF

3:00 pm - 3:45 pm

---

Exploiting Internal Network Vulns via the Browser using BeEF Bind

• Michele Orru | Attack | PDF

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

• Shay Chen | Developer | PDF

Demystifying Security in the Cloud: AWS Scout

• Jonathan Chittenden | Cloud | PDF

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST

• Ofer Maor | Developer | PDF

Rebooting (secure) software development with continuous deployment

• Nick Galbreath | Rugged devops | PDF

4:00 pm - 4:45 pm

---

Cross Site Port Scanning

• Riyaz Walikar | Attack | PDF

Analyzing and Fixing Password Protection Schemes

• John Steven | Developer | PDF

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods

• Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | PDF

WTF - WAF Testing Framework

• Yaniv Azaria, Amichai Shulman | Architecture | PDF

DevOps Distilled: The DevOps Panel at AppSec USA

• Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | PDF

Friday 26th Oct

10:00 am - 10:45 am

---

Effective approaches to web application security

• Zane Lackey | Developer | PDF

Why Web Security Is Fundamentally Broken

• Jeremiah Grossman | Developer | PDF

Payback on Web Attackers: Web Honeypots

• Simon Roses Femerling | Architecture | PDF

Spin the bottle: Coupling technology and SE for one awesome hack

• David Kennedy | Attack | PDF

Incident Response: Security After Compromise

• Richard Bejtlich | Case Studies | PDF

11:00 am - 11:45 am

---

The Same-Origin Saga

• Brendan Eich | Developer | PDF

Hack your way to a degree: a new direction in teaching application security at universities

• Konstantinos Papapanagiotou | Developer | PDF

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

• Dan Cornell, Josh Sokol | Architecture | PDF

Blended Threats and JavaScript: A Plan for Permanent Network Compromise

• Phil Purviance | Attack | PDF

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

• Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | PDF

1:00 pm - 1:45 pm

---

Builders Vs. Breakers

• Brett Hardin, Matt Konda, Jon Rose | Developer | PDF

Real World Cloud Application Security

• Jason Chan | Cloud | PDF

NoSQL, no security?

• Will Urbanski | Architecture | PDF

SQL Server Exploitation, Escalation, and Pilfering

• Antti Rantasaari, Scott Sutherland | Attack | PDF

Iran's real life cyberwar

• Phillip Hallam-Baker | Case Studies | PDF

2:00 pm - 2:45 pm

---

Get off your AMF and don’t REST on JSON

• Dan Kuykendall | Developer | PDF

Unraveling Some of the Mysteries around DOM-Based XSS

• Dave Wichers | Developer | PDF

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

• Tobias Gondrom | Architecture | PDF

XSS & CSRF with HTML5 - Attack, Exploit and Defense

• Shreeraj Shah | Attack | PDF

The Application Security Ponzi Scheme: Stop paying for security failure

• Jarret Raim, Matt Tesauro | Case Studies | PDF

3:00 pm - 3:45 pm

---

Using Interactive Static Analysis for Early Detection of Software Vulnerabilities

• Bill Chu | Developer | PDF

Origin(al) Sins

• Alex Russell | Developer | PDF

The 7 Qualities of Highly Secure Software

• Mano 'dash4rk' Paul | Architecture | PDF

Web Framework Vulnerabilities

• Abraham Kang | Attack | PDF

Web App Crypto - A Study in Failure

• Travis H | Case Studies | PDF

4:00 pm - 4:45 pm

---

Security at Scale

• Yvan Boily | Developer | PDF

Four Axes of Evil

• HD Moore | Developer | PDF

Pining For the Fjords: The Role of RBAC in Today's Applications

• Wendy Nather | Architecture | PDF

Counterintelligence Attack Theory

• Fred Donovan | Attack | PDF

Top Strategies to Capture Security Intelligence for Applications

• John Dickson | Case Studies | PDF