This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2012/Schedule/4-4-2012"
From OWASP
Mark.bristow (talk | contribs) |
Mark.bristow (talk | contribs) |
||
| Line 24: | Line 24: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM | | width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/DOMJacking__Attack_Exploit_and_Defense|DOMJacking - Attack, Exploit and Defense]]<br>video | [[media: ASDC12-DOMJacking_Attack_Exploit_and_Defense.pdf|slides]]<br><br>Shreeraj Shah |
| − | Shreeraj Shah | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/The_Unfortunate_Reality_of_Insecure_Libraries|The Unfortunate Reality of Insecure Libraries]]<br>video | [[media: ASDC12-The_Unfortunate_Reality_of_Insecure_Libraries.pdf|slides]]<br><br>Jeff Williams and Arshan Dabirsiaghi |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Python_Basics_for_Web_App_Pentesters__Part_2|Python Basics for Web App Pentesters - Part 2]]<br>video | [[media: ASDC12-Python_Basics_for_Web_App_Pentesters__Part_2.pdf|slides]]<br><br>Justin Searle |
| − | Jeff Williams and Arshan Dabirsiaghi | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=3 | [[OWASP_AppSec_DC_2012/Integrating_Application_Security_into_your_Lifecycle_andProcurement|Integrating Application Security into your Lifecycle and |
| − | | | + | Procurement]]<br>video | slides<br><br>Moderator: Jim Manico |
| − | Justin Searle | ||
| − | | | ||
| − | Moderator: Jim Manico | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 12:00 PM | | width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 12:00 PM | ||
| Line 37: | Line 34: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 12:00 PM - 12:50 PM | | width=72 valign=middle bgcolor=#7b8abd | 12:00 PM - 12:50 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Attacking_CAPTCHAs_for_Fun_and_Profit|Attacking CAPTCHAs for Fun and Profit]]<br>video | [[media: ASDC12-Attacking_CAPTCHAs_for_Fun_and_Profit.pdf|slides]]<br><br>Gursev Singh Kalra |
| − | Gursev Singh Kalra | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | GoatDroid <br>video | slides<br><br>Jack Manino |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Security_is_Dead_Long_Live_Rugged_DevOps_IT_at_LudicrousSpeed|Security is Dead. Long Live Rugged DevOps: IT at Ludicrous |
| − | | | + | Speed]]<br>video | [[media: ASDC12-Security_is_Dead_Long_Live_Rugged_DevOps_IT_at_LudicrousSpeed.pdf|slides]]<br><br>Joshua Corman |
| − | Joshua Corman | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 12:50 PM - 2:30 PM | | width=72 valign=middle bgcolor=#7b8abd | 12:50 PM - 2:30 PM | ||
| Line 47: | Line 43: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Hacking_NETC_Applications_The_Black_Arts|Hacking .NET(C#) Applications: The Black Arts]]<br>video | [[media: ASDC12-Hacking_NETC_Applications_The_Black_Arts.pdf|slides]]<br><br>Jon McCoy |
| − | Jon McCoy | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Security_at_scale_Web_application_security_in_a_continuousdeployment_environment|Security at scale: Web application security in a continuous |
| − | | | + | deployment environment]]<br>video | [[media: ASDC12-Security_at_scale_Web_application_security_in_a_continuousdeployment_environment.pdf|slides]]<br><br>Zane Lackey |
| − | Zane Lackey | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/The_Easy_Button_for_Your_Web_Application_Security_Career|The "Easy" Button for Your Web Application Security Career]]<br>video | [[media: ASDC12-The_Easy_Button_for_Your_Web_Application_Security_Career.pdf|slides]]<br><br>Salvador Grec |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=3 | [[OWASP_AppSec_DC_2012/Risk_Analysis_and_Measurement_with_CWRAF|Risk Analysis and Measurement with CWRAF]]<br>video | [[media: ASDC12-Risk_Analysis_and_Measurement_with_CWRAF.pdf|slides]]<br><br>Joe Jarzombek, Bob Martin, Walter Houser and Tom Brennan |
| − | Salvador Grec | ||
| − | | | ||
| − | Joe Jarzombek, Bob Martin, Walter Houser and Tom Brennan | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM | | width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM | ||
| Line 60: | Line 53: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/OWASP_Broken_Web_Applications_OWASP_BWA_10_Release|OWASP Broken Web Applications (OWASP BWA) 1.0 Release]]<br>video | [[media: ASDC12-OWASP_Broken_Web_Applications_OWASP_BWA_10_Release.pdf|slides]]<br><br>Chuck Willis |
| − | Chuck Willis | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Security_Is_Like_An_Onion_Thats_Why_It_Makes_You_Cry|Security Is Like An Onion, That's Why It Makes You Cry]]<br>video | [[media: ASDC12-Security_Is_Like_An_Onion_Thats_Why_It_Makes_You_Cry.pdf|slides]]<br><br>Michele Chubirka |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Anatomy_of_a_Logic_Flaw|Anatomy of a Logic Flaw]]<br>video | [[media: ASDC12-Anatomy_of_a_Logic_Flaw.pdf|slides]]<br><br>Charles Henderson and David Byrne |
| − | [ | + | |
| − | Michele Chubirka | ||
| − | | | ||
| − | Charles Henderson and David Byrne | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM | | width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM | ||
| Line 72: | Line 62: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/New_and_Improved_Hacking_Oracle_from_Web|New and Improved Hacking Oracle from Web]]<br>video | [[media: ASDC12-New_and_Improved_Hacking_Oracle_From_Web.pdf|slides]]<br><br>Sumit Siddharth |
| − | Sumit Siddharth | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/State_of_Web_Security|State of Web Security]]<br>video | [[media: ASDC12-State_of_Web_Security.pdf|slides]]<br><br>Robert Rowley |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Old_Webshells_New_Tricks__How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them|Old Webshells, New Tricks -- How Persistent Threats have |
| − | Robert Rowley | + | revived an old idea, and how you can detect them.]]<br>video | [[media: ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf|slides]]<br><br>Ryan Kazanciyan |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=3 | [[OWASP_AppSec_DC_2012/Fed_Panel|Fed Panel]]<br>video | slides<br><br>Moderator: Rex Booth<br> |
| − | Ryan Kazanciyan | ||
| − | | | ||
| − | Moderator: Rex Booth<br> | ||
Ron Ross, Joe Jarzombek, Kris Britton & Darren Death | Ron Ross, Joe Jarzombek, Kris Britton & Darren Death | ||
|- | |- | ||
| Line 86: | Line 73: | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 5:30 PM - 6:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 5:30 PM - 6:20 PM | ||
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Unraveling_some_of_the_Mysteries_around_DOMbased_XSS|Unraveling some of the Mysteries around DOM-based XSS]]<br>video | [[media: ASDC12-Unraveling_some_of_the_Mysteries_around_DOMbased_XSS.pdf|slides]]<br><br>Dave Wichers |
| − | Dave Wichers | + | | align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/2012_Global_Security_Report|2012 Global Security Report]]<br>video | [[media: ASDC12-2012_Global_Security_Report.pdf|slides]]<br><br>Tom Brennan and Nick Percoco |
| − | | | + | | align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Survivable_Software_for_CyberPhysical_Systems|Survivable Software for Cyber-Physical Systems]]<br>video | [[media: ASDC12-Survivable_Software_for_CyberPhysical_Systems.pdf|slides]]<br><br>Karen Mercedes Goertzel |
| − | Tom Brennan and Nick Percoco | ||
| − | | | ||
| − | Karen Mercedes Goertzel | ||
|- | |- | ||
| width=72 valign=middle bgcolor=#7b8abd | 6:20 PM | | width=72 valign=middle bgcolor=#7b8abd | 6:20 PM | ||
| valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Networking Opportunity in Room 207AB sponsored by: [[Image:SPL-LOGO-MED.png|link=https://www.trustwave.com/]] | | valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Networking Opportunity in Room 207AB sponsored by: [[Image:SPL-LOGO-MED.png|link=https://www.trustwave.com/]] | ||
|} | |} | ||
Revision as of 02:06, 19 April 2012
| Plenary Day 1 - 4/4/2012 | ||||
| Offense & Tools Room 201 |
Case Studies Room 202A |
IoMT Room 202B |
Interrogate! Room 206 | |
|---|---|---|---|---|
| 7:30 AM - 8:50 AM | Registration | |||
| 8:50 AM - 9:00 AM | Welcome and Opening Remarks Room 202A | |||
| 9:00 AM - 10:00 AM | Keynote: Dan Geer Room 202A | |||
| 10:00 AM - 10:45 AM | OWASP Board Room 202A | |||
| 10:45 AM - 11:00 AM | Coffee Break | |||
| 11:00 AM - 11:50 AM | DOMJacking - Attack, Exploit and Defense video | slides Shreeraj Shah |
The Unfortunate Reality of Insecure Libraries video | slides Jeff Williams and Arshan Dabirsiaghi |
Python Basics for Web App Pentesters - Part 2 video | slides Justin Searle |
Integrating Application Security into your Lifecycle and
Procurement video | slides Moderator: Jim Manico |
| 11:50 AM - 12:00 PM | Coffee Break | |||
| 12:00 PM - 12:50 PM | Attacking CAPTCHAs for Fun and Profit video | slides Gursev Singh Kalra |
GoatDroid video | slides Jack Manino |
Security is Dead. Long Live Rugged DevOps: IT at Ludicrous
Speed video | slides Joshua Corman | |
| 12:50 PM - 2:30 PM | No-Host Lunch | |||
| 2:30 PM - 3:20 PM | Hacking .NET(C#) Applications: The Black Arts video | slides Jon McCoy |
Security at scale: Web application security in a continuous
deployment environment video | slides Zane Lackey |
The "Easy" Button for Your Web Application Security Career video | slides Salvador Grec |
Risk Analysis and Measurement with CWRAF video | slides Joe Jarzombek, Bob Martin, Walter Houser and Tom Brennan |
| 3:20 PM - 3:30 PM | Coffee Break | |||
| 3:30 PM - 4:20 PM | OWASP Broken Web Applications (OWASP BWA) 1.0 Release video | slides Chuck Willis |
Security Is Like An Onion, That's Why It Makes You Cry video | slides Michele Chubirka |
Anatomy of a Logic Flaw video | slides Charles Henderson and David Byrne | |
| 4:20 PM - 4:30 PM | Coffee Break | |||
| 4:30 PM - 5:20 PM | New and Improved Hacking Oracle from Web video | slides Sumit Siddharth |
State of Web Security video | slides Robert Rowley |
Old Webshells, New Tricks -- How Persistent Threats have
revived an old idea, and how you can detect them. video | slides Ryan Kazanciyan |
Fed Panel video | slides Moderator: Rex Booth Ron Ross, Joe Jarzombek, Kris Britton & Darren Death |
| 5:20 PM - 5:30 PM | Coffee Break | |||
| 5:30 PM - 6:20 PM | Unraveling some of the Mysteries around DOM-based XSS video | slides Dave Wichers |
2012 Global Security Report video | slides Tom Brennan and Nick Percoco |
Survivable Software for Cyber-Physical Systems video | slides Karen Mercedes Goertzel | |
| 6:20 PM | Networking Opportunity in Room 207AB sponsored by: 
| |||
