Difference between revisions of "AppSecUSA 2012.com"

Revision as of 16:48, 18 November 2012

• AppSecUSA Presentations and Talks

Thursday 25th Oct

10:00 am - 10:45 am

Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements

• John Benninghoff | Developer | Building Predictable Systems using Behavioral Security Modeling - PDF

Top Ten Web Defenses

• Jim Manico | Mobile | Top 10 Defenses for Website Security - PDF

Mobile Applications & Proxy Shenanigans

• Dan Amodio | Mobile | Presentation Not available

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy

• Alejandro Caceres | Reverse Engineering | Presentation Not available

Gauntlt: Rugged by Example

• Jeremiah Shirk | Rugged devops | PDF

11:00 am - 11:45 am

Building a Web Attacker Dashboard with ModSecurity and BeEF

• Ryan Barnett | Attack | Presentation Not available

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews

• Sherif Koussa | Developer | Presentation Not available

Cracking the Code of Mobile Application

• Sreenarayan Ashokkumar | Mobile | Cracking the Mobile Application Code - PDF

Hacking .NET Application: Reverse Engineering 101

• Jon Mccoy | Reverse Engineering | Presentation Not available

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

• Josh Corman | Rugged devops | Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF

2:00 pm - 2:45 pm

Hacking with WebSockets

• Vaagn Toukharian | Attack | Presentation Not available

Bug Bounty Programs

• Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation Not available

How we tear into that little green man

• Mathew Rowley | Mobile | Presentation Not available

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

• Jerry Hoff | Developer | Presentation Not available

Put your robots to work: security automation at Twitter

• Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation Not available

3:00 pm - 3:45 pm

Exploiting Internal Network Vulns via the Browser using BeEF Bind

• Michele Orru | Attack | Presentation Not available

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

• Shay Chen | Developer | The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) - PDF

Demystifying Security in the Cloud: AWS Scout

• Jonathan Chittenden | Cloud | Demystifying Security in the Cloud - PDF

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST

• Ofer Maor | Developer | Presentation Not available

Rebooting (secure) software development with continuous deployment

• Nick Galbreath | Rugged devops | Presentation Not available

4:00 pm - 4:45 pm

Cross Site Port Scanning

• Riyaz Walikar | Attack | Cross Site Port Scanning - PDF

Analyzing and Fixing Password Protection Schemes

• John Steven | Developer | Presentation Not available

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods

• Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation Not available

WTF - WAF Testing Framework

• Yaniv Azaria, Amichai Shulman | Architecture | WAF Testing Framework - PDF

DevOps Distilled: The DevOps Panel at AppSec USA

• Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | DevOps Distilled - PDF

Friday 26th Oct

10:00 am - 10:45 am

Effective approaches to web application security

• Zane Lackey | Developer | Effective approaches to web application security - PDF

Why Web Security Is Fundamentally Broken

• Jeremiah Grossman | Developer | Why Web Security Is Fundamentally Broken - PDF

Payback on Web Attackers: Web Honeypots

• Simon Roses Femerling | Architecture | Presentation Not available

Spin the bottle: Coupling technology and SE for one awesome hack

• David Kennedy | Attack | Presentation Not available

Incident Response: Security After Compromise

• Richard Bejtlich | Case Studies | Presentation Not available

11:00 am - 11:45 am

The Same-Origin Saga

• Brendan Eich | Developer | The Same-Origin Saga - PDF

Hack your way to a degree: a new direction in teaching application security at universities

• Konstantinos Papapanagiotou | Developer | Hack your way to a degree: a new direction in teaching application security at universities - PDF

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

• Dan Cornell, Josh Sokol | Architecture | Presentation Not available

Blended Threats and JavaScript: A Plan for Permanent Network Compromise

• Phil Purviance | Attack | Presentation Not available

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

• Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation Not available

1:00 pm - 1:45 pm

Builders Vs. Breakers

• Brett Hardin, Matt Konda, Jon Rose | Developer | Builders-vs-Breakers - PDF

Real World Cloud Application Security

• Jason Chan | Cloud | Presentation Not available

NoSQL, no security?

• Will Urbanski | Architecture | Presentation Not available

SQL Server Exploitation, Escalation, and Pilfering

• Antti Rantasaari, Scott Sutherland | Attack | Presentation Not available

Iran's real life cyberwar

• Phillip Hallam-Baker | Case Studies | Iran’s Real Life Cyberwar - PDF

2:00 pm - 2:45 pm

Get off your AMF and don’t REST on JSON

• Dan Kuykendall | Developer | Get off your AMF and don’t REST on JSON - PDF

Unraveling Some of the Mysteries around DOM-Based XSS

• Dave Wichers | Developer | Unraveling some Mysteries around DOM-based XSS - PDF

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

• Tobias Gondrom | Architecture | Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs - PDF

XSS & CSRF with HTML5 - Attack, Exploit and Defense

• Shreeraj Shah | Attack | Presentation Not available

The Application Security Ponzi Scheme: Stop paying for security failure

• Jarret Raim, Matt Tesauro | Case Studies | Presentation Not available

3:00 pm - 3:45 pm

Using Interactive Static Analysis for Early Detection of Software Vulnerabilities

• Bill Chu | Developer | Static Analysis for Early Detection of Software Vulnerabilities - PDF

Origin(al) Sins

• Alex Russell | Developer | Presentation Not available

The 7 Qualities of Highly Secure Software

• Mano 'dash4rk' Paul | Architecture | 7 Qualities of Highly Secure Software - PDF

Web Framework Vulnerabilities

• Abraham Kang | Attack | Web App Framework Based Vulnerabilies - PDF

Web App Crypto - A Study in Failure

• Travis H | Case Studies | Web App Cryptology A Study in Failure - PDF

4:00 pm - 4:45 pm

Security at Scale

• Yvan Boily | Developer | Presentation Not available

Four Axes of Evil

• HD Moore | Developer | Four Axes of Evil - PDF

Pining For the Fjords: The Role of RBAC in Today's Applications

• Wendy Nather | Architecture | Presentation Not available

Counterintelligence Attack Theory

• Fred Donovan | Attack | Presentation Not available

Top Strategies to Capture Security Intelligence for Applications

• John Dickson | Case Studies | Top Strategies to Capture Security Intelligence for Applications - PDF