This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
AppSecUSA 2012
AppSec USA 2012 — LASCON Edition, TX
Austin, TX at the Hyatt Regency Hotel Downtown
Training: October 23rd-24th — Conference Sessions: October 25th-26th
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security.
For more information on CFP, CFT, Sponsorship, and registration, see the official AppSec USA website at http://www.appsecusa.org
- 1 AppSec USA 2012 Presentations and Talks
- 1.1 Thursday 25th Oct
- 1.1.1 10:00 am - 10:45 am (Thursday)
- 1.1.2 11:00 am - 11:45 am (Thursday)
- 1.1.2.1 Building a Web Attacker Dashboard with ModSecurity and BeEF
- 1.1.2.2 Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews
- 1.1.2.3 Cracking the Code of Mobile Application
- 1.1.2.4 Hacking .NET Application: Reverse Engineering 101
- 1.1.2.5 Doing the unstuck: How Rugged cultures drive Biz & AppSec Value
- 1.1.3 2:00 pm - 2:45 pm (Thursday)
- 1.1.4 3:00 pm - 3:45 pm (Thursday)
- 1.1.4.1 Exploiting Internal Network Vulns via the Browser using BeEF Bind
- 1.1.4.2 The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)
- 1.1.4.3 Demystifying Security in the Cloud: AWS Scout
- 1.1.4.4 I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST
- 1.1.4.5 Rebooting (secure) software development with continuous deployment
- 1.1.5 4:00 pm - 4:45 pm (Thursday)
- 1.2 Friday 26th Oct
- 1.2.1 10:00 am - 10:45 am (Friday)
- 1.2.2 11:00 am - 11:45 am (Friday)
- 1.2.2.1 The Same-Origin Saga
- 1.2.2.2 Hack your way to a degree: a new direction in teaching application security at universities
- 1.2.2.3 The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems
- 1.2.2.4 Blended Threats and JavaScript: A Plan for Permanent Network Compromise
- 1.2.2.5 Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards
- 1.2.3 1:00 pm - 1:45 pm (Friday)
- 1.2.4 2:00 pm - 2:45 pm (Friday)
- 1.2.4.1 Get off your AMF and don’t REST on JSON
- 1.2.4.2 Unraveling Some of the Mysteries around DOM-Based XSS
- 1.2.4.3 Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs
- 1.2.4.4 XSS & CSRF with HTML5 - Attack, Exploit and Defense
- 1.2.4.5 The Application Security Ponzi Scheme: Stop paying for security failure
- 1.2.5 3:00 pm - 3:45 pm (Friday)
- 1.2.6 4:00 pm - 4:45 pm (Friday)
- 1.1 Thursday 25th Oct
AppSec USA 2012 Presentations and Talks
Thursday 25th Oct
10:00 am - 10:45 am (Thursday)
Building Predictable Systems using Behavioral Security Modeling: Functional Security RequirementsJohn Benninghoff | Developer | Building Predictable Systems using Behavioral Security Modeling - PDF |
---|
Top Ten Web DefensesJim Manico | Mobile | Top 10 Defenses for Website Security - PDF |
Mobile Applications & Proxy ShenanigansDan Amodio | Mobile | Presentation not available |
Reverse Engineering “Secure” HTTP APIs With An SSL ProxyAlejandro Caceres | Reverse Engineering | Presentation not available |
Gauntlt: Rugged by ExampleJeremiah Shirk | Rugged devops | Presentation not available |
11:00 am - 11:45 am (Thursday)
Building a Web Attacker Dashboard with ModSecurity and BeEFRyan Barnett | Attack | Presentation not available |
---|
Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code ReviewsSherif Koussa | Developer | Presentation not available |
Cracking the Code of Mobile ApplicationSreenarayan Ashokkumar | Mobile | Cracking the Mobile Application Code - PDF |
Hacking .NET Application: Reverse Engineering 101Jon Mccoy | Reverse Engineering | Presentation not available |
Doing the unstuck: How Rugged cultures drive Biz & AppSec ValueJosh Corman | Rugged devops | Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF |
2:00 pm - 2:45 pm (Thursday)
Hacking with WebSocketsVaagn Toukharian | Attack | Presentation not available |
---|
Bug Bounty ProgramsMichael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation Not available |
How we tear into that little green manMathew Rowley | Mobile | Presentation not available |
AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of LifeJerry Hoff | Developer | Presentation not available |
Put your robots to work: security automation at TwitterJustin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation Not available |
3:00 pm - 3:45 pm (Thursday)
Exploiting Internal Network Vulns via the Browser using BeEF BindMichele Orru | Attack | Presentation not available |
---|
The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)Shay Chen | Developer | Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF |
Demystifying Security in the Cloud: AWS ScoutJonathan Chittenden | Cloud | Demystifying Security in the Cloud - PDF |
I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DASTOfer Maor | Developer | Presentation not available |
Rebooting (secure) software development with continuous deploymentNick Galbreath | Rugged devops | Presentation not available |
4:00 pm - 4:45 pm (Thursday)
Cross Site Port ScanningRiyaz Walikar | Attack | Cross Site Port Scanning - PDF |
---|
Analyzing and Fixing Password Protection SchemesJohn Steven | Developer | Presentation not available |
Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding MethodsArshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation not available |
WTF - WAF Testing FrameworkYaniv Azaria, Amichai Shulman | Architecture | WAF Testing Framework - PDF |
DevOps Distilled: The DevOps Panel at AppSec USAJosh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | DevOps Distilled - PDF |
Friday 26th Oct
10:00 am - 10:45 am (Friday)
Effective approaches to web application securityZane Lackey | Developer | Effective approaches to web application security - PDF |
---|
Why Web Security Is Fundamentally BrokenJeremiah Grossman | Developer | Why Web Security Is Fundamentally Broken - PDF |
Payback on Web Attackers: Web HoneypotsSimon Roses Femerling | Architecture | Presentation not available |
Spin the bottle: Coupling technology and SE for one awesome hackDavid Kennedy | Attack | Presentation not available |
Incident Response: Security After CompromiseRichard Bejtlich | Case Studies | Presentation not available |
11:00 am - 11:45 am (Friday)
The Same-Origin SagaBrendan Eich | Developer | The Same-Origin Saga - PDF |
---|
Hack your way to a degree: a new direction in teaching application security at universitiesKonstantinos Papapanagiotou | Developer | Hack your way to a degree - PDF |
The Magic of Symbiotic Security: Creating an Ecosystem of Security SystemsDan Cornell, Josh Sokol | Architecture | Presentation not available |
Blended Threats and JavaScript: A Plan for Permanent Network CompromisePhil Purviance | Attack | Presentation not available |
Unbreakable Oracle ERPs? Attacks on Siebel & JD EdwardsJuan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation not available |
1:00 pm - 1:45 pm (Friday)
Builders Vs. BreakersBrett Hardin, Matt Konda, Jon Rose | Developer | Builders-vs-Breakers - PDF |
---|
Real World Cloud Application SecurityJason Chan | Cloud | Presentation not available |
NoSQL, no security?Will Urbanski | Architecture | Presentation not available |
SQL Server Exploitation, Escalation, and PilferingAntti Rantasaari, Scott Sutherland | Attack | Presentation not available |
Iran's real life cyberwarPhillip Hallam-Baker | Case Studies | Iran’s Real Life Cyberwar - PDF |
2:00 pm - 2:45 pm (Friday)
Get off your AMF and don’t REST on JSONDan Kuykendall | Developer | Get off your AMF and don’t REST on JSON - PDF |
---|
Unraveling Some of the Mysteries around DOM-Based XSSDave Wichers | Developer | Unraveling some Mysteries around DOM-based XSS - PDF |
Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of CertsTobias Gondrom | Architecture | Securing the SSL channel against man-in-the-middle attacks - PDF |
XSS & CSRF with HTML5 - Attack, Exploit and DefenseShreeraj Shah | Attack | Presentation not available |
The Application Security Ponzi Scheme: Stop paying for security failureJarret Raim, Matt Tesauro | Case Studies | Presentation not available |
3:00 pm - 3:45 pm (Friday)
Using Interactive Static Analysis for Early Detection of Software VulnerabilitiesBill Chu | Developer | Static Analysis for Early Detection of Software Vulnerabilities - PDF |
---|
Origin(al) SinsAlex Russell | Developer | Presentation not available |
The 7 Qualities of Highly Secure SoftwareMano 'dash4rk' Paul | Architecture | 7 Qualities of Highly Secure Software - PDF |
Web Framework VulnerabilitiesAbraham Kang | Attack | Web App Framework Based Vulnerabilies - PDF |
Web App Crypto - A Study in FailureTravis H | Case Studies | Web App Cryptology A Study in Failure - PDF |
4:00 pm - 4:45 pm (Friday)
Security at ScaleYvan Boily | Developer | Presentation not available |
---|
Four Axes of EvilHD Moore | Developer | Four Axes of Evil - PDF |
Pining For the Fjords: The Role of RBAC in Today's ApplicationsWendy Nather | Architecture | Presentation not available |
Counterintelligence Attack TheoryFred Donovan | Attack | Presentation not available |
Top Strategies to Capture Security Intelligence for ApplicationsJohn Dickson | Case Studies | Top Strategies to Capture Security Intelligence for Applications - PDF |