Difference between revisions of "AppSecUSA 2012"
Revision by Sarah Baso (talk | contribs)
Revision as of 05:02, 19 November 2012
AppSec USA 2012 — LASCON Edition, TX
Austin, TX at the Hyatt Regency Hotel Downtown
Training: October 23rd-24th — Conference Sessions: October 25th-26th
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security.
For more information on CFP, CFT, Sponsorship, and registration, see the official AppSec USA website at http://www.appsecusa.org
- AppSecUSA Presentations and Talks
Thursday 25th Oct
10:00 am - 10:45 am (Thursday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements | John Benninghoff | Developer | [Building Predictable Systems using Behavioral Security Modeling - PDF](https://www.owasp.org/images/7/7f/Building_Predictable_Systems.pdf) |
| Top Ten Web Defenses | Jim Manico | Mobile | [Top 10 Defenses for Website Security - PDF](https://www.owasp.org/images/0/08/Top_10_Defenses_for_Website_Security.pdf) |
| Mobile Applications & Proxy Shenanigans | Dan Amodio | Mobile | Presentation not available |
| Reverse Engineering “Secure” HTTP APIs With An SSL Proxy | Alejandro Caceres | Reverse Engineering | Presentation not available |
| Gauntlt: Rugged by Example | Jeremiah Shirk | Rugged devops | Presentation not available |
11:00 am - 11:45 am (Thursday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Building a Web Attacker Dashboard with ModSecurity and BeEF | Ryan Barnett | Attack | Presentation not available |
| Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews | Sherif Koussa | Developer | Presentation not available |
| Cracking the Code of Mobile Application | Sreenarayan Ashokkumar | Mobile | [Cracking the Mobile Application Code - PDF](https://www.owasp.org/images/c/cd/Cracking_the_Mobile_Application_Code.pdf) |
| Hacking .NET Application: Reverse Engineering 101 | Jon Mccoy | Reverse Engineering | Presentation not available |
| Doing the unstuck: How Rugged cultures drive Biz & AppSec Value | Josh Corman | Rugged devops | [Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF](https://www.owasp.org/images/d/d5/Doing_the_Unstuck.pdf) |
2:00 pm - 2:45 pm (Thursday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Hacking with WebSockets | Vaagn Toukharian | Attack | Presentation not available |
| Bug Bounty Programs | Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation not available |
| How we tear into that little green man | Mathew Rowley | Mobile | Presentation not available |
| AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life | Jerry Hoff | Developer | Presentation not available |
| Put your robots to work: security automation at Twitter | Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation not available |
3:00 pm - 3:45 pm (Thursday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Exploiting Internal Network Vulns via the Browser using BeEF Bind | Michele Orru | Attack | Presentation not available |
| The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) | Shay Chen | Developer | [Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF](https://www.owasp.org/images/f/f5/The_Diviner_-_Digital_Clairvoyance_Breakthrough_-_Gaining_Access_to_the_Source_Code_%26_Server_Side_Memory_Structure_of_ANY_Application.pdf) |
| Demystifying Security in the Cloud: AWS Scout | Jonathan Chittenden | Cloud | [Demystifying Security in the Cloud - PDF](https://www.owasp.org/images/0/0f/Demystifying_Security_in_the_Cloud.pdf) |
| I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST | Ofer Maor | Developer | Presentation not available |
| Rebooting (secure) software development with continuous deployment | Nick Galbreath | Rugged devops | Presentation not available |
4:00 pm - 4:45 pm (Thursday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Cross Site Port Scanning | Riyaz Walikar | Attack | [Cross Site Port Scanning - PDF](https://www.owasp.org/images/8/89/Poking_Servers_with_Facebook-Cross_Site_Port_Scanning.pdf) |
| Analyzing and Fixing Password Protection Schemes | John Steven | Developer | Presentation not available |
| Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods | Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation not available |
| WTF - WAF Testing Framework | Yaniv Azaria, Amichai Shulman | Architecture | [WAF Testing Framework - PDF](https://www.owasp.org/images/0/00/OWASP-2012-WTF.pdf) |
| DevOps Distilled: The DevOps Panel at AppSec USA | Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | [DevOps Distilled - PDF](https://www.owasp.org/images/9/90/Corman_AppSecUSA_2012_DevOpsPanel.pdf) |
Friday 26th Oct
10:00 am - 10:45 am (Friday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Effective approaches to web application security | Zane Lackey | Developer | [Effective approaches to web application security - PDF](https://www.owasp.org/images/b/b4/Effective_approaches_to_web_application_security.pdf) |
| Why Web Security Is Fundamentally Broken | Jeremiah Grossman | Developer | [Why Web Security Is Fundamentally Broken - PDF](https://www.owasp.org/images/9/90/Web_Security_Fundamentally_Broken.pdf) |
| Payback on Web Attackers: Web Honeypots | Simon Roses Femerling | Architecture | Presentation not available |
| Spin the bottle: Coupling technology and SE for one awesome hack | David Kennedy | Attack | Presentation not available |
| Incident Response: Security After Compromise | Richard Bejtlich | Case Studies | Presentation not available |
11:00 am - 11:45 am (Friday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| The Same-Origin Saga | Brendan Eich | Developer | [The Same-Origin Saga - PDF](https://www.owasp.org/images/a/a2/The_Same-Origin_Saga.pdf) |
| Hack your way to a degree: a new direction in teaching application security at universities | Konstantinos Papapanagiotou | Developer | [Hack your way to a degree - PDF](https://www.owasp.org/images/9/9a/OWASP_Hackademic_AppSecUS2012_v1.pdf) |
| The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems | Dan Cornell, Josh Sokol | Architecture | Presentation not available |
| Blended Threats and JavaScript: A Plan for Permanent Network Compromise | Phil Purviance | Attack | Presentation not available |
| Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards | Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation not available |
1:00 pm - 1:45 pm (Friday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Builders Vs. Breakers | Brett Hardin, Matt Konda, Jon Rose | Developer | [Builders-vs-Breakers - PDF](https://www.owasp.org/images/8/83/OWASP_AppSec_2012-Builders-vs-Breakers.pdf) |
| Real World Cloud Application Security | Jason Chan | Cloud | Presentation not available |
| NoSQL, no security? | Will Urbanski | Architecture | Presentation not available |
| SQL Server Exploitation, Escalation, and Pilfering | Antti Rantasaari, Scott Sutherland | Attack | Presentation not available |
| Iran's real life cyberwar | Phillip Hallam-Baker | Case Studies | [Iran’s Real Life Cyberwar - PDF](https://www.owasp.org/images/5/59/Iran%E2%80%99s_Real_Life_Cyberwar.pdf) |
2:00 pm - 2:45 pm (Friday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Get off your AMF and don’t REST on JSON | Dan Kuykendall | Developer | [Get off your AMF and don’t REST on JSON - PDF](https://www.owasp.org/images/2/20/Get_off_your_AMF_and_dont_REST_on_JSON-AppSecUSA2012.pdf) |
| Unraveling Some of the Mysteries around DOM-Based XSS | Dave Wichers | Developer | [Unraveling some Mysteries around DOM-based XSS - PDF](https://www.owasp.org/images/c/c5/Unraveling_some_Mysteries_around_DOM-based_XSS.pdf) |
| Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs | Tobias Gondrom | Architecture | [Securing the SSL channel against man-in-the-middle attacks - PDF](https://www.owasp.org/images/f/fe/OWASP_defending-MITMA_US_2012.pdf) |
| XSS & CSRF with HTML5 - Attack, Exploit and Defense | Shreeraj Shah | Attack | Presentation not available |
| The Application Security Ponzi Scheme: Stop paying for security failure | Jarret Raim, Matt Tesauro | Case Studies | Presentation not available |
3:00 pm - 3:45 pm (Friday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Using Interactive Static Analysis for Early Detection of Software Vulnerabilities | Bill Chu | Developer | [Interactive Static Analysis for Early Detection of Software Vulnerabilities - PDF](https://www.owasp.org/images/4/46/Interactive_Static_Analysis.pdf) |
| Origin(al) Sins | Alex Russell | Developer | Presentation not available |
| The 7 Qualities of Highly Secure Software | Mano 'dash4rk' Paul | Architecture | [7 Qualities of Highly Secure Software - PDF](https://www.owasp.org/index.php/File:7_Qualities_of_Highly_Secure_Software.pdf) |
| Web Framework Vulnerabilities | Abraham Kang | Attack | [Web App Framework Based Vulnerabilities - PDF](https://www.owasp.org/images/d/db/WebFrameworkVulnerablilitiesAppSecUSA.pdf) |
| Web App Crypto - A Study in Failure | Travis H | Case Studies | [Web App Cryptology A Study in Failure - PDF](https://www.owasp.org/images/2/2f/Web_app_crypto_20121026.pdf) |
4:00 pm - 4:45 pm (Friday)
| Talk | Speaker(s) | Track | Slides |
|---|---|---|---|
| Security at Scale | Yvan Boily | Developer | Presentation not available |
| Four Axes of Evil | HD Moore | Developer | [Four Axes of Evil - PDF](https://www.owasp.org/images/6/6f/Four_Axes_of_Evil.pdf) |
| Pining For the Fjords: The Role of RBAC in Today's Applications | Wendy Nather | Architecture | Presentation not available |
| Counterintelligence Attack Theory | Fred Donovan | Attack | Presentation not available |
| Top Strategies to Capture Security Intelligence for Applications | John Dickson | Case Studies | [Top Strategies to Capture Security Intelligence for Applications - PDF](https://www.owasp.org/images/8/8c/Top_Strategies_to_Capture_Security_Intelligence_for_Applications_OWASP.pdf) |