Difference between revisions of "AppSecUSA"

(Top Strategies to Capture Security Intelligence for Applications)
(Top Strategies to Capture Security Intelligence for Applications)
Line 210: Line 210:
==== Top Strategies to Capture Security Intelligence for Applications ====
==== Top Strategies to Capture Security Intelligence for Applications ====
*'''John Dickson''' | Case Studies | [ Top Strategies to Capture Security Intelligence for Applications] - PDF
*'''John Dickson''' | Case Studies | [ Top Strategies to Capture Security Intelligence for Applications - PDF]

Revision as of 15:58, 18 November 2012

  • AppSecUSA Presentations and Talks

Thursday 25th Oct

10:00 am - 10:45 am

Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements

Top Ten Web Defenses

Mobile Applications & Proxy Shenanigans

  • Dan Amodio | Mobile | PDF

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy

  • Alejandro Caceres | Reverse Engineering | PDF

Gauntlt: Rugged by Example

  • Jeremiah Shirk | Rugged devops | PDF

11:00 am - 11:45 am

Building a Web Attacker Dashboard with ModSecurity and BeEF

  • Ryan Barnett | Attack | PDF

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews

  • Sherif Koussa | Developer | PDF

Cracking the Code of Mobile Application

Hacking .NET Application: Reverse Engineering 101

  • Jon McCoy | Reverse Engineering | PDF

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

2:00 pm - 2:45 pm

Hacking with WebSockets

  • Vaagn Toukharian | Attack | PDF

Bug Bounty Programs

  • Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | PDF

How we tear into that little green man

  • Mathew Rowley | Mobile | PDF

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

  • Jerry Hoff | Developer | PDF

Put your robots to work: security automation at Twitter

  • Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | PDF

3:00 pm - 3:45 pm

Exploiting Internal Network Vulns via the Browser using BeEF Bind

  • Michele Orru | Attack | PDF

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

Demystifying Security in the Cloud: AWS Scout

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST

  • Ofer Maor | Developer | PDF

Rebooting (secure) software development with continuous deployment

  • Nick Galbreath | Rugged devops | PDF

4:00 pm - 4:45 pm

Cross Site Port Scanning

Analyzing and Fixing Password Protection Schemes

  • John Steven | Developer | PDF

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods

  • Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | PDF

WTF - WAF Testing Framework

DevOps Distilled: The DevOps Panel at AppSec USA

Friday 26th Oct

10:00 am - 10:45 am

Effective approaches to web application security

Why Web Security Is Fundamentally Broken

Payback on Web Attackers: Web Honeypots

  • Simon Roses Femerling | Architecture | PDF

Spin the bottle: Coupling technology and SE for one awesome hack

  • David Kennedy | Attack | PDF

Incident Response: Security After Compromise

  • Richard Bejtlich | Case Studies | PDF

11:00 am - 11:45 am

The Same-Origin Saga

Hack your way to a degree: a new direction in teaching application security at universities

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

  • Dan Cornell, Josh Sokol | Architecture | PDF

Blended Threats and JavaScript: A Plan for Permanent Network Compromise

  • Phil Purviance | Attack | PDF

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

  • Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | PDF

1:00 pm - 1:45 pm

Builders Vs. Breakers

Real World Cloud Application Security

  • Jason Chan | Cloud | PDF

NoSQL, no security?

  • Will Urbanski | Architecture | PDF

SQL Server Exploitation, Escalation, and Pilfering

  • Antti Rantasaari, Scott Sutherland | Attack | PDF

Iran's real life cyberwar

2:00 pm - 2:45 pm

Get off your AMF and don’t REST on JSON

Unraveling Some of the Mysteries around DOM-Based XSS

  • Dave Wichers | Developer | PDF

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

XSS & CSRF with HTML5 - Attack, Exploit and Defense

  • Shreeraj Shah | Attack | PDF

The Application Security Ponzi Scheme: Stop paying for security failure

  • Jarret Raim, Matt Tesauro | Case Studies | PDF

3:00 pm - 3:45 pm

Using Interactive Static Analysis for Early Detection of Software Vulnerabilities

Origin(al) Sins

  • Alex Russell | Developer | PDF

The 7 Qualities of Highly Secure Software

Web Framework Vulnerabilities

  • Abraham Kang | Attack | PDF

Web App Crypto - A Study in Failure

  • Travis H | Case Studies | PDF

4:00 pm - 4:45 pm

Security at Scale

  • Yvan Boily | Developer | PDF

Four Axes of Evil

Pining For the Fjords: The Role of RBAC in Today's Applications

  • Wendy Nather | Architecture | PDF

Counterintelligence Attack Theory

  • Fred Donovan | Attack | PDF

Top Strategies to Capture Security Intelligence for Applications