
Difference between revisions of "OWASP AppSec DC 2012/Schedule/4-5-2012"

Line 12: Line 12:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd rowspan=2 | 9:00 AM - 9:50 AM
 
|  width=72 valign=middle bgcolor=#7b8abd rowspan=2 | 9:00 AM - 9:50 AM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center rowspan=2 | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Pentesting_Smart_Grid_Web_Apps Pentesting Smart Grid Web Apps]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center rowspan=2 | [[OWASP_AppSec_DC_2012/Pentesting_Smart_Grid_Web_Apps|Pentesting Smart Grid Web Apps]]<br>video | [[media: ASDC12-Pentesting_Smart_Grid_Web_Apps.pdf|slides]]<br><br>Justin Searle
Justin Searle
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Friends_dont_let_friends_store_passwords_in_source_code|Friends don't let friends store passwords in source code]]<br>video | slides<br><br>Neil Matatall
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Friends_dont_let_friends_store_passwords_in_source_code Friends don't let friends store passwords in source code]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center rowspan=2 | [[OWASP_AppSec_DC_2012/Smart_Bombs_Mobile_Vulnerability_and_Exploitation|Smart Bombs: Mobile Vulnerability and Exploitation]]<br>video | [[media: ASDC12-Smart_Bombs_Mobile_Vulnerability_and_Exploitation.pdf|slides]]<br><br>Kevin Johnson, John Sawyer and Tom Eston
Neil Matatall
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=2 | [[OWASP_AppSec_DC_2012/Overcoming_the_Quality_vs_Quantity_Problem_in_SoftwareSecurity_Testing|Overcoming the Quality vs. Quantity Problem in Software
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center rowspan=2 | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Smart_Bombs_Mobile_Vulnerability_and_Exploitation Smart Bombs: Mobile Vulnerability and Exploitation]<br><br>
+
Security Testing]]<br>video | [[media: ASDC12-Overcoming_the_Quality_vs_Quantity_Problem_in_SoftwareSecurity_Testing.pdf|slides]]<br><br>Rafal Los
Kevin Johnson, John Sawyer and Tom Eston
 
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=2 | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Overcoming_the_Quality_vs_Quantity_Problem_in_SoftwareSecurity_Testing Overcoming the Quality vs. Quantity Problem in Software Security Testing]<br><br>
 
Rafal Los
 
 
|-
 
|-
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Web_Application_Defense_with_Bayesian_Attack_Analysis Web Application Defense with Bayesian Attack Analysis]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Web_Application_Defense_with_Bayesian_Attack_Analysis|Web Application Defense with Bayesian Attack Analysis]]<br>video | [[media: ASDC12-Web_Application_Defense_with_Bayesian_Attack_Analysis.pdf|slides]]<br><br>Ryan Barnett
Ryan Barnett
 
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 9:50 AM - 10:00 AM
 
|  width=72 valign=middle bgcolor=#7b8abd | 9:50 AM - 10:00 AM
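Review bot: In the added Defend! cell for "Friends don't let friends store passwords in source code", "video | slides" is plain text, while the neighbouring added cells link "slides" to a media: file; "video" is unlinked in every added cell of this hunk. Either link these labels once the files exist or leave them out until then, so readers are not shown labels that look like links but go nowhere. The added SDLC cell also breaks its link label across two lines ("...Problem in Software" / "Security Testing]]"); keeping the label on one line would make later diffs of this row easier to read.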
Line 28: Line 24:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 10:00 AM - 10:50 AM
 
|  width=72 valign=middle bgcolor=#7b8abd | 10:00 AM - 10:50 AM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Vulnerabilities_in_Industrial_Control_Systems Vulnerabilities in Industrial Control Systems]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Vulnerabilities_in_Industrial_Control_Systems|Vulnerabilities in Industrial Control Systems]]<br>video | slides<br><br>Kevin Hemsly
ICS-CERT
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Access_Control_Designs_and_Pitfalls|Access Control Designs and Pitfalls]]<br>video | [[media: ASDC12-Access_Control_Designs_and_Pitfalls.pdf|slides]]<br><br>Jim Manico
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Access_Control Access Control]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Software_Security_Goes_Mobile|Software Security Goes Mobile]]<br>video | slides<br><br>Jacob West
Jim Manico
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Baking_In_Security_Sweet_Secure_Cupcakes|Baking In Security, Sweet, Secure, Cupcakes]]<br>video | [[media: ASDC12-Baking_In_Security_Sweet_Secure_Cupcakes.pdf|slides]]<br><br>Ken Johnson and Matt Ahrens
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Software_Security_Goes_Mobile Software Security Goes Mobile]<br><br>
 
Jacob West
 
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Baking_In_Security_Sweet_Secure_Cupcakes Baking In Security, Sweet, Secure, Cupcakes]<br><br>
 
Ken Johnson and Matt Ahrens
 
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 10:50 AM - 11:00 AM
 
|  width=72 valign=middle bgcolor=#7b8abd | 10:50 AM - 11:00 AM
Line 41: Line 33:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/AMI_Security AMI Security]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/AMI_Security|AMI Security]]<br>video | [[media: ASDC12-AMI_Security.pdf|slides]]<br><br>John Sawyer and Don Weber
John Sawyer and Don Weber
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/SharePoint_Security_101|SharePoint Security 101]]<br>video | [[media: ASDC12-SharePoint_Security_101.pdf|slides]]<br><br>Rob Rachwald, Amichai Shulman and Noa Bar-Yosef
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/SharePoint_Security_101 SharePoint Security 101]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Behind_Enemy_Lines__Practical_Triage_Approaches_to_MobileSecurity_Abroad__2012_Edition|Behind Enemy Lines - Practical& Triage Approaches to Mobile
Rob Rachwald
+
Security Abroad - 2012 Edition]]<br>video | [[media: ASDC12-Behind_Enemy_Lines_Practical_Triage_Approaches_to_MobileSecurity_Abroad_2012_Edition.pdf|slides]]<br><br>Justin Morehouse
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Behind_Enemy_Lines__Practical_Triage_Approaches_to_MobileSecurity_Abroad__2012_Edition Behind Enemy Lines - Practical& Triage Approaches to Mobile Security Abroad - 2012 Edition]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Understanding_IAST__More_Context_Better_Analysis|Understanding IAST - More Context, Better Analysis]]<br>video | [[media: ASDC12-Understanding_IAST_More_Context_Better_Analysis.pdf|slides]]<br><br>Jeff Williams
Justin Morehouse
 
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Understanding_IAST__More_Context_Better_Analysis Understanding IAST - More Context, Better Analysis]<br><br>
 
Jeff Williams
 
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 1:30 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 1:30 PM
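Review bot: The added On the Go cell keeps the label "Behind Enemy Lines - Practical& Triage Approaches to Mobile", with the ampersand fused to "Practical", exactly as on the removed line. Since this line is being rewritten anyway, confirm the talk title and correct the spacing in the label; the page name in the link target can stay as it is. The label is also split across two lines before "Security Abroad - 2012 Edition]]", which is worth joining.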
Line 54: Line 43:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 1:30 PM - 2:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 1:30 PM - 2:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Project_Basecamp_News_from_Camp_4 Project Basecamp: News from Camp 4]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Project_Basecamp_News_from_Camp_4|Project Basecamp: News from Camp 4]]<br>video | [[media:ASDC12-Project_Basecamp_News_from_Base_4.pdf|slides]]<br><br>Reid Wightman
Reid Wightman
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Enterprise_Security_API_ESAPI_for_C_Plus_Plus|Enterprise Security API (ESAPI) for C Plus Plus]]<br>video | [[media: ASDC12-Enterprise_Security_API_ESAPI_for_C_Plus_Plus.pdf|slides]]<br><br>Dan Amodio
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Enterprise_Security_API_ESAPI_for_C_Plus_Plus Enterprise Security API (ESAPI) for C Plus Plus]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/WhackaMobile_II_Mobile_App_Pen_Testing_with_the_MobiSecLive_Environment|Whack-a-Mobile II: Mobile App Pen Testing with the MobiSec
Dan Amodio
+
Live Environment]]<br>video | [[media: ASDC12-WhackaMobile_II_Mobile_App_Pen_Testing_with_the_MobiSecLive_Environment.pdf|slides]]<br><br>Kevin Johnson and Tony Delagrange
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/WhackaMobile_II_Mobile_App_Pen_Testing_with_the_MobiSecLive_Environment Whack-a-Mobile II: Mobile App Pen Testing with the MobiSec Live Environment]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP AppSec DC 2012/Proactive risk mitigation within the Software Development Lifecycle (SDLC)|Proactive risk mitigation within the Software Development Lifecycle (SDLC)]]<br>video | slides<br><br>Joe White
Kevin Johnson and Tony Delagrange
 
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Proactive_risk_mitigation_within_the_Software_Development_Lifecycle_(SDLC) Proactive risk mitigation within the SDLC, Real world examples]<br><br>
 
Joe White
 
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 2:20 PM - 2:30 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 2:20 PM - 2:30 PM
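Review bot: In the added Critical Infrastructure cell, the slides link points to "media:ASDC12-Project_Basecamp_News_from_Base_4.pdf" while the page name and label both say "Camp 4"; check that the uploaded file really is named "Base_4", otherwise the link will be dead. In the same hunk the added SDLC cell writes its link target with spaces ("OWASP AppSec DC 2012/Proactive risk mitigation ...") where every other added cell uses underscores, and its label drops "Real world examples" from the old text; use the underscore form for consistency and confirm the title change is intended.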
Line 67: Line 53:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Real_world_backdoors_on_industrial_devices Real world backdoors on industrial devices]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Real_world_backdoors_on_industrial_devices|Real world backdoors on industrial devices]]<br>video | [[media: ASDC12-Real_world_backdoors_on_industrial_devices.pdf|slides]]<br><br>Ruben Santamarta
Ruben Santamarta
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Dynamic_DASTWAF_Integration|Dynamic DAST/WAF Integration]]<br>video | [[media: ASDC12-Dynamic_DASTWAF_Integration.pdf|slides]]<br><br>Ryan Barnett
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Dynamic_DASTWAF_Integration Dynamic DAST/WAF Integration]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/An_InDepth_Introduction_to_the_Android_Permissions_Modeland_How_to_Secure_MultiComponent_Applications|An In-Depth Introduction to the Android Permissions Model,
Ryan Barnett
+
and How to Secure Multi-Component Applications]]<br>video | [[media: ASDC12-An_InDepth_Introduction_to_the_Android_Permissions_Modeland_How_to_Secure_MultiComponent_Applications.pdf|slides]]<br><br>Jeff Six
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/An_InDepth_Introduction_to_the_Android_Permissions_Modeland_How_to_Secure_MultiComponent_Applications An In-Depth Introduction to the Android Permissions Model, and How to Secure Multi-Component Applications]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Teaching_an_Old_Dog_New_Tricks_Securing_Development_withPMD|Teaching an Old Dog New Tricks: Securing Development with
Jeff Six
+
PMD]]<br>video | [[media: ASDC12-Teaching_an_Old_Dog_New_Tricks_Securing_Development_with_PMD.pdf|slides]]<br><br>Joe Hemler
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Teaching_an_Old_Dog_New_Tricks_Securing_Development_withPMD Teaching an Old Dog New Tricks: Securing Development with PMD]<br><br>
 
Joe Hemler
 
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM
Line 80: Line 64:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Denial_of_Surface Denial of Surface.]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Denial_of_Surface|Denial of Surface.]]<br>video | [[media: ASDC12-Denial_of_Surface.pdf|slides]]<br><br>Eireann Leverett
Eireann Leverett
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Cloudbased_dWAF_A_Real_World_Deployment_Case_Study|Cloud-based dWAF: A Real World Deployment Case Study]]<br>video | [[media: ASDC12-Cloudbased_dWAF_A_Real_World_Deployment_Case_Study.pdf|slides]]<br><br>Alexander Meisel
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Cloudbased_dWAF_A_Real_World_Deployment_Case_Study Cloud-based dWAF: A Real World Deployment Case Study]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Android_in_the_Healthcare_Workplace_A_Case_Study|Android in the Healthcare Workplace: A Case Study]]<br>video | [[media: ASDC12-Android_in_the_Healthcare_Workplace_A_Case_Study.pdf|slides]]<br><br>Thomas Richards
Alexander Meisel
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors|What can an Acquirer do to prevent developers from make
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Android_in_the_Healthcare_Workplace_A_Case_Study Android in the Healthcare Workplace A Case Study]<br><br>Thomas Richards
+
dangerous software errors?]]<br>video | [[media: ASDC12-What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors.pdf|slides]]<br><br>Michele Moss and Don Davidson
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors What can an Acquirer do to prevent developers from make dangerous software errors?]<br><br>
 
Michele Moss and Don Davidson
 
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM
Line 92: Line 74:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Securing_Critical_Infrastructure Securing Critical Infrastructure]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Securing_Critical_Infrastructure|Securing Critical Infrastructure]]<br>video | [[media: ASDC12-Securing_Critical_Infrastructure.pdf|slides]]<br><br>Francis Cianfrocca and Bob Lam
Francis Cianfrocca
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Using_PHPIDS_to_Understand_Attacks_Trends|Using PHPIDS to Understand Attacks Trends]]<br>video | [[media: ASDC12-Using_PHPIDS_to_Understand_Attacks_Trends.pdf|slides]]<br><br>Salvador Grec
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Using_PHPIDS_to_Understand_Attacks_Trends Using PHPIDS to Understand Attacks Trends]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Mobile_Application_Security__Who_how_and_why|Mobile Application Security - Who, how and why]]<br>video | [[media: ASDC12-Mobile_Application_Security_Who_how_and_why.pdf|slides]]<br><br>Mike Park and Charles Henderson
Salvador Grec
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [[OWASP_AppSec_DC_2012/Private_information_Protection_in_Cloud_Computing___LawsCompliance_and_Cloud_Security_Misconceptions|Private information Protection in Cloud Computing _ Laws,
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Mobile_Application_Security__Who_how_and_why Mobile Application Security - Who, how and why]<br><br>
+
Compliance and Cloud Security Misconceptions]]<br>video | [[media: ASDC12-Private_information_Protection_in_Cloud_Computing_LawsCompliance_and_Cloud_Security_Misconceptions.pdf|slides]]<br><br>Mikhail Utin and Daniil Utin
Mike Park and Charles Henderson
 
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center | [https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Private_information_Protection_in_Cloud_Computing___LawsCompliance_and_Cloud_Security_Misconceptions Private information Protection in Cloud Computing _ Laws, Compliance and Cloud Security Misconceptions]<br><br>
 
Mikhail Utin and Daniil Utin
 
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 5:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 5:20 PM
 
|  valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Closing Remarks<br>Room 202A
 
|  valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Closing Remarks<br>Room 202A
 
|}
 
|}
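Review bot: The added SDLC cell's label reads "Private information Protection in Cloud Computing _ Laws," with a stray underscore that looks carried over from the page name; replace it with the punctuation the title actually uses. The label is also broken across two lines before "Compliance and Cloud Security Misconceptions]]". In the Critical Infrastructure cell "Bob Lam" is added as a second speaker, so confirm the linked talk page lists both names.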

Revision as of 02:13, 19 April 2012

Plenary Day 2 - 4/5/2012

Tracks and rooms:
  Critical Infrastructure: Room 201
  Defend!: Room 202A
  On the Go: Room 202B
  SDLC: Room 206

7:30 AM - 9:00 AM Registration

9:00 AM - 9:50 AM
  Critical Infrastructure: Pentesting Smart Grid Web Apps; Justin Searle (video | slides)
  Defend!: Friends don't let friends store passwords in source code; Neil Matatall (video | slides)
  Defend!: Web Application Defense with Bayesian Attack Analysis; Ryan Barnett (video | slides)
  On the Go: Smart Bombs: Mobile Vulnerability and Exploitation; Kevin Johnson, John Sawyer and Tom Eston (video | slides)
  SDLC: Overcoming the Quality vs. Quantity Problem in Software Security Testing; Rafal Los (video | slides)

9:50 AM - 10:00 AM Coffee Break

10:00 AM - 10:50 AM
  Critical Infrastructure: Vulnerabilities in Industrial Control Systems; Kevin Hemsly (video | slides)
  Defend!: Access Control Designs and Pitfalls; Jim Manico (video | slides)
  On the Go: Software Security Goes Mobile; Jacob West (video | slides)
  SDLC: Baking In Security, Sweet, Secure, Cupcakes; Ken Johnson and Matt Ahrens (video | slides)

10:50 AM - 11:00 AM Coffee Break

11:00 AM - 11:50 AM
  Critical Infrastructure: AMI Security; John Sawyer and Don Weber (video | slides)
  Defend!: SharePoint Security 101; Rob Rachwald, Amichai Shulman and Noa Bar-Yosef (video | slides)
  On the Go: Behind Enemy Lines - Practical& Triage Approaches to Mobile Security Abroad - 2012 Edition; Justin Morehouse (video | slides)
  SDLC: Understanding IAST - More Context, Better Analysis; Jeff Williams (video | slides)

11:50 AM - 1:30 PM No-Host Lunch

1:30 PM - 2:20 PM
  Critical Infrastructure: Project Basecamp: News from Camp 4; Reid Wightman (video | slides)
  Defend!: Enterprise Security API (ESAPI) for C Plus Plus; Dan Amodio (video | slides)
  On the Go: Whack-a-Mobile II: Mobile App Pen Testing with the MobiSec Live Environment; Kevin Johnson and Tony Delagrange (video | slides)
  SDLC: Proactive risk mitigation within the Software Development Lifecycle (SDLC); Joe White (video | slides)

2:20 PM - 2:30 PM Coffee Break

2:30 PM - 3:20 PM
  Critical Infrastructure: Real world backdoors on industrial devices; Ruben Santamarta (video | slides)
  Defend!: Dynamic DAST/WAF Integration; Ryan Barnett (video | slides)
  On the Go: An In-Depth Introduction to the Android Permissions Model, and How to Secure Multi-Component Applications; Jeff Six (video | slides)
  SDLC: Teaching an Old Dog New Tricks: Securing Development with PMD; Joe Hemler (video | slides)

3:20 PM - 3:30 PM Coffee Break

3:30 PM - 4:20 PM
  Critical Infrastructure: Denial of Surface.; Eireann Leverett (video | slides)
  Defend!: Cloud-based dWAF: A Real World Deployment Case Study; Alexander Meisel (video | slides)
  On the Go: Android in the Healthcare Workplace: A Case Study; Thomas Richards (video | slides)
  SDLC: What can an Acquirer do to prevent developers from make dangerous software errors?; Michele Moss and Don Davidson (video | slides)

4:20 PM - 4:30 PM Coffee Break

4:30 PM - 5:20 PM
  Critical Infrastructure: Securing Critical Infrastructure; Francis Cianfrocca and Bob Lam (video | slides)
  Defend!: Using PHPIDS to Understand Attacks Trends; Salvador Grec (video | slides)
  On the Go: Mobile Application Security - Who, how and why; Mike Park and Charles Henderson (video | slides)
  SDLC: Private information Protection in Cloud Computing _ Laws, Compliance and Cloud Security Misconceptions; Mikhail Utin and Daniil Utin (video | slides)

5:20 PM Closing Remarks, Room 202A