Difference between revisions of "AppSecUSA 2012.com"
Line 1: | Line 1: | ||
*AppSecUSA Presentations and Talks | *AppSecUSA Presentations and Talks | ||
+ | |||
+ | |||
== Thursday 25th Oct == | == Thursday 25th Oct == | ||
=== 10:00 am - 10:45 am === | === 10:00 am - 10:45 am === | ||
− | ---- | + | ---- |
− | |||
{| border="1" cellpadding="0" cellspading="0" | {| border="1" cellpadding="0" cellspading="0" | ||
− | ! scope="col" align="left" width="100%" | | + | ! scope="col" align="left" width="100%" | |
− | |||
==== Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements ==== | ==== Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements ==== | ||
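Review bot: the level-4 heading kept as context at the end of this hunk has a stray `|` before "Functional Security Requirements", so the pipe shows up as a literal character in the rendered talk title and in the generated table of contents. Since this revision is already tidying the lines directly above it, drop the pipe so the heading reads "Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements".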
Line 127: | Line 127: | ||
==== DevOps Distilled: The DevOps Panel at AppSec USA ==== | ==== DevOps Distilled: The DevOps Panel at AppSec USA ==== | ||
*'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | [https://www.owasp.org/images/9/90/Corman_AppSecUSA_2012_DevOpsPanel.pdf DevOps Distilled - PDF] | *'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | [https://www.owasp.org/images/9/90/Corman_AppSecUSA_2012_DevOpsPanel.pdf DevOps Distilled - PDF] | ||
− | | | + | |
− | + | |} | |
+ | |||
== Friday 26th Oct == | == Friday 26th Oct == | ||
=== 10:00 am - 10:45 am === | === 10:00 am - 10:45 am === | ||
---- | ---- | ||
− | | | + | {| border="1" cellpadding="0" cellspading="0" |
! scope="col" align="left" width="100%" | | ! scope="col" align="left" width="100%" | | ||
==== Effective approaches to web application security ==== | ==== Effective approaches to web application security ==== |
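Review bot: the table-open line added for the Friday table, `{| border="1" cellpadding="0" cellspading="0"`, copies the misspelled attribute `cellspading` from the Thursday table; the HTML attribute is `cellspacing`, so the setting has no effect as written. Correct the spelling here and on the matching Thursday line so both tables are declared the same way.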
Revision as of 18:23, 18 November 2012
- AppSecUSA Presentations and Talks
Thursday 25th Oct

10:00 am - 10:45 am
- Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements
- Top Ten Web Defenses
- Mobile Applications & Proxy Shenanigans
- Reverse Engineering “Secure” HTTP APIs With An SSL Proxy
- Gauntlt: Rugged by Example

11:00 am - 11:45 am
- Building a Web Attacker Dashboard with ModSecurity and BeEF
- Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews
- Cracking the Code of Mobile Application
- Hacking .NET Application: Reverse Engineering 101
- Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

2:00 pm - 2:45 pm
- Hacking with WebSockets
- Bug Bounty Programs
- How we tear into that little green man
- AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life
- Put your robots to work: security automation at Twitter

3:00 pm - 3:45 pm
- Exploiting Internal Network Vulns via the Browser using BeEF Bind
- The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)
- Demystifying Security in the Cloud: AWS Scout
- I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST
- Rebooting (secure) software development with continuous deployment

4:00 pm - 4:45 pm
- Cross Site Port Scanning
- Analyzing and Fixing Password Protection Schemes
- Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods
- WTF - WAF Testing Framework
- DevOps Distilled: The DevOps Panel at AppSec USA

Friday 26th Oct

10:00 am - 10:45 am
- Effective approaches to web application security
- Why Web Security Is Fundamentally Broken
- Payback on Web Attackers: Web Honeypots
- Spin the bottle: Coupling technology and SE for one awesome hack
- Incident Response: Security After Compromise

11:00 am - 11:45 am
- The Same-Origin Saga
- Hack your way to a degree: a new direction in teaching application security at universities
- The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems
- Blended Threats and JavaScript: A Plan for Permanent Network Compromise
- Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

1:00 pm - 1:45 pm
- Builders Vs. Breakers
- Real World Cloud Application Security
- NoSQL, no security?
- SQL Server Exploitation, Escalation, and Pilfering
- Iran's real life cyberwar

2:00 pm - 2:45 pm
- Get off your AMF and don’t REST on JSON
- Unraveling Some of the Mysteries around DOM-Based XSS
- Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs
- XSS & CSRF with HTML5 - Attack, Exploit and Defense
- The Application Security Ponzi Scheme: Stop paying for security failure

3:00 pm - 3:45 pm
- Using Interactive Static Analysis for Early Detection of Software Vulnerabilities
- Origin(al) Sins
- The 7 Qualities of Highly Secure Software
- Web Framework Vulnerabilities
- Web App Crypto - A Study in Failure

4:00 pm - 4:45 pm
- Security at Scale
- Four Axes of Evil
- Pining For the Fjords: The Role of RBAC in Today's Applications
- Counterintelligence Attack Theory
- Top Strategies to Capture Security Intelligence for Applications