
Difference between revisions of "AppSecUSA"

(NoSQL, no security?)
(Gauntlt: Rugged by Example)
Line 19: Line 19:
==== Gauntlt: Rugged by Example ====
==== Gauntlt: Rugged by Example ====
*'''Jeremiah Shirk''' | Rugged devops | PDF
*'''Jeremiah Shirk''' | Rugged devops | Presentation not available
=== 11:00 am  - 11:45 am  ===
=== 11:00 am  - 11:45 am  ===

Revision as of 16:54, 18 November 2012

  • AppSecUSA Presentations and Talks

Thursday 25th Oct

10:00 am - 10:45 am

Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements

Top Ten Web Defenses

Mobile Applications & Proxy Shenanigans

  • Dan Amodio | Mobile | Presentation not available

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy

  • Alejandro Caceres | Reverse Engineering | Presentation not available

Gauntlt: Rugged by Example

  • Jeremiah Shirk | Rugged devops | Presentation not available

11:00 am - 11:45 am

Building a Web Attacker Dashboard with ModSecurity and BeEF

  • Ryan Barnett | Attack | Presentation not available

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews

  • Sherif Koussa | Developer | Presentation not available

Cracking the Code of Mobile Application

Hacking .NET Application: Reverse Engineering 101

  • Jon Mccoy | Reverse Engineering | Presentation not available

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

2:00 pm - 2:45 pm

Hacking with WebSockets

  • Vaagn Toukharian | Attack | Presentation not available

Bug Bounty Programs

  • Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation not available

How we tear into that little green man

  • Mathew Rowley | Mobile | Presentation not available

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

  • Jerry Hoff | Developer | Presentation not available

Put your robots to work: security automation at Twitter

  • Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation not available

3:00 pm - 3:45 pm

Exploiting Internal Network Vulns via the Browser using BeEF Bind

  • Michele Orru | Attack | Presentation not available

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

Demystifying Security in the Cloud: AWS Scout

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST

  • Ofer Maor | Developer | Presentation not available

Rebooting (secure) software development with continuous deployment

  • Nick Galbreath | Rugged devops | Presentation not available

4:00 pm - 4:45 pm

Cross Site Port Scanning

Analyzing and Fixing Password Protection Schemes

  • John Steven | Developer | Presentation not available

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods

  • Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation not available

WTF - WAF Testing Framework

DevOps Distilled: The DevOps Panel at AppSec USA

Friday 26th Oct

10:00 am - 10:45 am

Effective approaches to web application security

Why Web Security Is Fundamentally Broken

Payback on Web Attackers: Web Honeypots

  • Simon Roses Femerling | Architecture | Presentation not available

Spin the bottle: Coupling technology and SE for one awesome hack

  • David Kennedy | Attack | Presentation not available

Incident Response: Security After Compromise

  • Richard Bejtlich | Case Studies | Presentation not available

11:00 am - 11:45 am

The Same-Origin Saga

Hack your way to a degree: a new direction in teaching application security at universities

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

  • Dan Cornell, Josh Sokol | Architecture | Presentation not available

Blended Threats and JavaScript: A Plan for Permanent Network Compromise

  • Phil Purviance | Attack | Presentation not available

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

  • Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation not available

1:00 pm - 1:45 pm

Builders Vs. Breakers

Real World Cloud Application Security

  • Jason Chan | Cloud | Presentation not available

NoSQL, no security?

  • Will Urbanski | Architecture | Presentation not available

SQL Server Exploitation, Escalation, and Pilfering

  • Antti Rantasaari, Scott Sutherland | Attack | Presentation not available

Iran's real life cyberwar

2:00 pm - 2:45 pm

Get off your AMF and don’t REST on JSON

Unraveling Some of the Mysteries around DOM-Based XSS

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

XSS & CSRF with HTML5 - Attack, Exploit and Defense

  • Shreeraj Shah | Attack | Presentation not available

The Application Security Ponzi Scheme: Stop paying for security failure

  • Jarret Raim, Matt Tesauro | Case Studies | Presentation not available

3:00 pm - 3:45 pm

Using Interactive Static Analysis for Early Detection of Software Vulnerabilities

Origin(al) Sins

  • Alex Russell | Developer | Presentation not available

The 7 Qualities of Highly Secure Software

Web Framework Vulnerabilities

Web App Crypto - A Study in Failure

4:00 pm - 4:45 pm

Security at Scale

  • Yvan Boily | Developer | Presentation not available

Four Axes of Evil

Pining For the Fjords: The Role of RBAC in Today's Applications

  • Wendy Nather | Architecture | Presentation not available

Counterintelligence Attack Theory

  • Fred Donovan | Attack | Presentation not available

Top Strategies to Capture Security Intelligence for Applications