Difference between revisions of "AppSecUSA 2012.com"

Line 7: Line 7:
  
 
----  
 
----  
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;"
+
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements ====  
 
==== Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements ====  
 
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''John Benninghoff''' | Developer | [https://www.owasp.org/images/7/7f/Building_Predictable_Systems.pdf Building Predictable Systems using Behavioral Security Modeling - PDF] </span>
+
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px; width:100%;" >'''John Benninghoff''' | Developer | [https://www.owasp.org/images/7/7f/Building_Predictable_Systems.pdf Building Predictable Systems using Behavioral Security Modeling - PDF] </span>
 
|-
 
|-
 
! scope="col" align="left" width="100%" |  
 
! scope="col" align="left" width="100%" |  
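Review bot: the `width:100%;` added to the inline style of the speaker `<span>` in this hunk has no effect, because `<span>` is an inline element and CSS `width` does not apply to inline boxes; the `width="100%"` added on the `{|` line already stretches the table, so either drop the span width or add `display:inline-block` to the span style if the bordered box is meant to fill the cell.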
Line 28: Line 28:
 
==== Gauntlt: Rugged by Example ====
 
==== Gauntlt: Rugged by Example ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jeremiah Shirk''' | Rugged devops | Presentation not available </span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jeremiah Shirk''' | Rugged devops | Presentation not available </span>
|-
+
|}
! scope="col" align="left" width="100%" |
+
 
 +
 
 
=== 11:00 am  - 11:45 am  ===
 
=== 11:00 am  - 11:45 am  ===
  
 
----
 
----
|-
+
 
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
 
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
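Review bot: on the new side the `|}` that closes the table is placed directly after a `|-` row separator, which leaves an empty trailing row in the rendered table; drop the `|-` before `|}` (the new `{|` opened after the time heading already starts the next table with its own header row).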
Line 53: Line 55:
 
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
 
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Josh Corman''' | Rugged devops | [https://www.owasp.org/images/d/d5/Doing_the_Unstuck.pdf Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF]</span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Josh Corman''' | Rugged devops | [https://www.owasp.org/images/d/d5/Doing_the_Unstuck.pdf Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF]</span>
|-
+
 
! scope="col" align="left" width="100%" |
+
|}
 
=== 2:00 pm  - 2:45 pm  ===
 
=== 2:00 pm  - 2:45 pm  ===
  
 
----
 
----
|-
+
 
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Hacking with WebSockets ====
 
==== Hacking with WebSockets ====
Line 78: Line 81:
 
==== Put your robots to work: security automation at Twitter ====
 
==== Put your robots to work: security automation at Twitter ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | Presentation Not available </span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | Presentation Not available </span>
|-
+
|}
! scope="col" align="left" width="100%" |
+
 
=== 3:00 pm  - 3:45 pm  ===
 
=== 3:00 pm  - 3:45 pm  ===
  
 
----
 
----
|-
+
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
 
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
Line 103: Line 106:
 
==== Rebooting (secure) software development with continuous deployment ====
 
==== Rebooting (secure) software development with continuous deployment ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Nick Galbreath''' | Rugged devops | Presentation not available</span>  
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Nick Galbreath''' | Rugged devops | Presentation not available</span>  
|-
+
|}
! scope="col" align="left" width="100%" |
 
 
=== 4:00 pm  - 4:45 pm  ===
 
=== 4:00 pm  - 4:45 pm  ===
  
 
----
 
----
|-
+
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Cross Site Port Scanning ====
 
==== Cross Site Port Scanning ====
Line 135: Line 137:
  
 
----
 
----
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;"
+
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Effective approaches to web application security ====
 
==== Effective approaches to web application security ====
Line 155: Line 157:
 
==== Incident Response: Security After Compromise ====
 
==== Incident Response: Security After Compromise ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Richard Bejtlich''' | Case Studies | Presentation not available</span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Richard Bejtlich''' | Case Studies | Presentation not available</span>
|-
+
|}
! scope="col" align="left" width="100%" |
 
 
=== 11:00 am - 11:45 am ===
 
=== 11:00 am - 11:45 am ===
  
 
----
 
----
|-
+
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== The Same-Origin Saga ====
 
==== The Same-Origin Saga ====
Line 180: Line 181:
 
==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
 
==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | Presentation not available</span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | Presentation not available</span>
|-
+
|}
! scope="col" align="left" width="100%" |
 
 
=== 1:00 pm - 1:45 pm ===
 
=== 1:00 pm - 1:45 pm ===
  
 
----
 
----
|-
+
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Builders Vs. Breakers ====
 
==== Builders Vs. Breakers ====
Line 205: Line 205:
 
==== Iran's real life cyberwar ====
 
==== Iran's real life cyberwar ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Phillip Hallam-Baker''' | Case Studies | [https://www.owasp.org/images/5/59/Iran%E2%80%99s_Real_Life_Cyberwar.pdf Iran’s Real Life Cyberwar - PDF]</span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Phillip Hallam-Baker''' | Case Studies | [https://www.owasp.org/images/5/59/Iran%E2%80%99s_Real_Life_Cyberwar.pdf Iran’s Real Life Cyberwar - PDF]</span>
|-
+
|}
! scope="col" align="left" width="100%" |
 
 
=== 2:00 pm - 2:45 pm ===
 
=== 2:00 pm - 2:45 pm ===
  
 
----
 
----
|-
+
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Get off your AMF and don’t REST on JSON ====
 
==== Get off your AMF and don’t REST on JSON ====
Line 230: Line 229:
 
==== The Application Security Ponzi Scheme: Stop paying for security failure ====
 
==== The Application Security Ponzi Scheme: Stop paying for security failure ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jarret Raim, Matt Tesauro''' | Case Studies | Presentation not available</span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jarret Raim, Matt Tesauro''' | Case Studies | Presentation not available</span>
|-
+
|}
! scope="col" align="left" width="100%" |
 
 
=== 3:00 pm - 3:45 pm ===
 
=== 3:00 pm - 3:45 pm ===
  
 
----
 
----
|-
+
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====
 
==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====
Line 255: Line 253:
 
==== Web App Crypto - A Study in Failure ====
 
==== Web App Crypto - A Study in Failure ====
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Travis H''' | Case Studies | [https://www.owasp.org/images/2/2f/Web_app_crypto_20121026.pdf Web App Cryptology A Study in Failure - PDF]</span>
 
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Travis H''' | Case Studies | [https://www.owasp.org/images/2/2f/Web_app_crypto_20121026.pdf Web App Cryptology A Study in Failure - PDF]</span>
|-
+
|}
! scope="col" align="left" width="100%" |
 
 
=== 4:00 pm - 4:45 pm ===
 
=== 4:00 pm - 4:45 pm ===
  
 
----
 
----
|-
+
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 
! scope="col" align="left" width="100%" |
 
! scope="col" align="left" width="100%" |
 
==== Security at Scale ====
 
==== Security at Scale ====

Revision as of 19:11, 18 November 2012

AppSecUSA Presentations and Talks

Each talk is listed as its title, followed by Speaker(s) | Track | Slides.

Thursday 25th Oct

10:00 am - 10:45 am

Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements
  John Benninghoff | Developer | Building Predictable Systems using Behavioral Security Modeling - PDF

Top Ten Web Defenses
  Jim Manico | Mobile | Top 10 Defenses for Website Security - PDF

Mobile Applications & Proxy Shenanigans
  Dan Amodio | Mobile | Presentation not available

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy
  Alejandro Caceres | Reverse Engineering | Presentation not available

Gauntlt: Rugged by Example
  Jeremiah Shirk | Rugged devops | Presentation not available

11:00 am - 11:45 am

Building a Web Attacker Dashboard with ModSecurity and BeEF
  Ryan Barnett | Attack | Presentation not available

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews
  Sherif Koussa | Developer | Presentation not available

Cracking the Code of Mobile Application
  Sreenarayan Ashokkumar | Mobile | Cracking the Mobile Application Code - PDF

Hacking .NET Application: Reverse Engineering 101
  Jon Mccoy | Reverse Engineering | Presentation not available

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value
  Josh Corman | Rugged devops | Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF

2:00 pm - 2:45 pm

Hacking with WebSockets
  Vaagn Toukharian | Attack | Presentation not available

Bug Bounty Programs
  Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation not available

How we tear into that little green man
  Mathew Rowley | Mobile | Presentation not available

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life
  Jerry Hoff | Developer | Presentation not available

Put your robots to work: security automation at Twitter
  Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation not available

3:00 pm - 3:45 pm

Exploiting Internal Network Vulns via the Browser using BeEF Bind
  Michele Orru | Attack | Presentation not available

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)
  Shay Chen | Developer | The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF

Demystifying Security in the Cloud: AWS Scout
  Jonathan Chittenden | Cloud | Demystifying Security in the Cloud - PDF

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST
  Ofer Maor | Developer | Presentation not available

Rebooting (secure) software development with continuous deployment
  Nick Galbreath | Rugged devops | Presentation not available

4:00 pm - 4:45 pm

Cross Site Port Scanning
  Riyaz Walikar | Attack | Cross Site Port Scanning - PDF

Analyzing and Fixing Password Protection Schemes
  John Steven | Developer | Presentation not available

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods
  Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation not available

WTF - WAF Testing Framework
  Yaniv Azaria, Amichai Shulman | Architecture | WAF Testing Framework - PDF

DevOps Distilled: The DevOps Panel at AppSec USA
  Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | DevOps Distilled - PDF

Friday 26th Oct

10:00 am - 10:45 am

Effective approaches to web application security
  Zane Lackey | Developer | Effective approaches to web application security - PDF

Why Web Security Is Fundamentally Broken
  Jeremiah Grossman | Developer | Why Web Security Is Fundamentally Broken - PDF

Payback on Web Attackers: Web Honeypots
  Simon Roses Femerling | Architecture | Presentation not available

Spin the bottle: Coupling technology and SE for one awesome hack
  David Kennedy | Attack | Presentation not available

Incident Response: Security After Compromise
  Richard Bejtlich | Case Studies | Presentation not available

11:00 am - 11:45 am

The Same-Origin Saga
  Brendan Eich | Developer | The Same-Origin Saga - PDF

Hack your way to a degree: a new direction in teaching application security at universities
  Konstantinos Papapanagiotou | Developer | Hack your way to a degree: a new direction in teaching application security at universities - PDF

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems
  Dan Cornell, Josh Sokol | Architecture | Presentation not available

Blended Threats and JavaScript: A Plan for Permanent Network Compromise
  Phil Purviance | Attack | Presentation not available

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards
  Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation not available

1:00 pm - 1:45 pm

Builders Vs. Breakers
  Brett Hardin, Matt Konda, Jon Rose | Developer | Builders-vs-Breakers - PDF

Real World Cloud Application Security
  Jason Chan | Cloud | Presentation not available

NoSQL, no security?
  Will Urbanski | Architecture | Presentation not available

SQL Server Exploitation, Escalation, and Pilfering
  Antti Rantasaari, Scott Sutherland | Attack | Presentation not available

Iran's real life cyberwar
  Phillip Hallam-Baker | Case Studies | Iran’s Real Life Cyberwar - PDF

2:00 pm - 2:45 pm

Get off your AMF and don’t REST on JSON
  Dan Kuykendall | Developer | Get off your AMF and don’t REST on JSON - PDF

Unraveling Some of the Mysteries around DOM-Based XSS
  Dave Wichers | Developer | Unraveling some Mysteries around DOM-based XSS - PDF

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs
  Tobias Gondrom | Architecture | Securing the SSL channel against man-in-the-middle attacks - PDF

XSS & CSRF with HTML5 - Attack, Exploit and Defense
  Shreeraj Shah | Attack | Presentation not available

The Application Security Ponzi Scheme: Stop paying for security failure
  Jarret Raim, Matt Tesauro | Case Studies | Presentation not available

3:00 pm - 3:45 pm

Using Interactive Static Analysis for Early Detection of Software Vulnerabilities
  Bill Chu | Developer | Static Analysis for Early Detection of Software Vulnerabilities - PDF

Origin(al) Sins
  Alex Russell | Developer | Presentation not available

The 7 Qualities of Highly Secure Software
  Mano 'dash4rk' Paul | Architecture | 7 Qualities of Highly Secure Software - PDF

Web Framework Vulnerabilities
  Abraham Kang | Attack | Web App Framework Based Vulnerabilities - PDF

Web App Crypto - A Study in Failure
  Travis H | Case Studies | Web App Cryptology A Study in Failure - PDF

4:00 pm - 4:45 pm

Security at Scale
  Yvan Boily | Developer | Presentation not available

Four Axes of Evil
  HD Moore | Developer | Four Axes of Evil - PDF

Pining For the Fjords: The Role of RBAC in Today's Applications
  Wendy Nather | Architecture | Presentation not available

Counterintelligence Attack Theory
  Fred Donovan | Attack | Presentation not available

Top Strategies to Capture Security Intelligence for Applications
  John Dickson | Case Studies | Top Strategies to Capture Security Intelligence for Applications - PDF