AppSecEU2013



''' For a more detailed description of everything see our main AppSec Research 2013 Web Site. '''

Videos
Videos from the talks are available here for Großer Saal and Aussichtsreich + Freiraum.

Slides
Quick links to the presentations. All slides are under CC-BY-SA license.

Thursday 22. August

 * [[Media:Welcome_Note_-_Dirk_Wetter.pdf|Welcome Note]]; Dirk Wetter
 * [[Media:OWASP_Where_we_are.._Where_we_are_going.pdf|OWASP Where we are.. Where we are going]]
 * [[Media:--comming soon--]]; Henning Perl, Michael Brenner
 * [[Media:Recipes_for_enabling_HTTPS_-_Thomas_Herlea+Neils_Boucke+Johann_Peeters.pdf|Recipes for enabling HTTPS]]; Thomas Herlea, Neils Boucke, Johann Peeters
 * [[Media:A_Perfect_CRIME_TIME_Will_Tell_-_Tal_Beery.pdf|A Perfect CRIME? TIME Will Tell]]; Tal Be'ery
 * [[Media:--comming soon--]]; Marian Harbach, Matthew Smith
 * [[Media:HTTP(S)-Based_Clustering_for_Assisted_Cybercrime_Investigations_-_Balduzzi.pdf‎|HTTP(S) - Based Clustering for Assisted Cybercrime Investigations]]; Marco Balduzzi
 * [[Media:Improving_the_Security_of_Session_Management_in_Web_Applications_-_Philippe_De_Ryck.pdf|Improving the Security of Session Management in Web Applications]]; Philippe DeRyck
 * [[Media:A_Doorman_for_Your_Home--Control-Flow_Integrity_Means_in_Web_Frameworks_-_Bastian_Brown.pdf|A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks]]; Bastian Braun


 * [[Media:Technical_Due_Diligence_-_Amir_Alsbih.pdf|Experiance made in Technical Due Diligence]]; Amir Alsbih
 * [[Media:OWASP-CISO_Guide_and_CISO_report_2013_for_managers_-_Tobias_Gondrom.pdf|OWASP - CISO Guide and CISO report 2013 for managers]]; Tobias Gondrom
 * [[Media:--comming soon--]]; Chris Eng, Ryan O'Boyle
 * [[Media:OWASP Top 10 Proactive Controls.pdf]]; Jim Manico
 * [[Media:CSP--the_panacea_for_XSS_or_placebo_-_Taras_Ivashchenko.pdf‎|CSP - the panacea for XSS or placebo]]; Taras Ivashchenko
 * [[Media:Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl+Johannes_Stroeher.pdf|Security_Testing_Guidelines_for_mobile_Apps]]; Florian_Stahl, Johannes Stroeher


 * [[Media:HTML5--ALL_THE_THINGS_-_Thomas_Roessler.pdf|HTML5 - ALL THE THINGS]]; Thomas Roessler


 * HackPra Allstars [[Media:HackPraAllstars_Rooting_Your_Internals_-_Michele_Orru.pdf|Rooting Your Internals]]; Michele Orru
 * HackPra Allstars [[Media:--comming soon--]]; Paul Stone
 * HackPra Allstars [[Media:HackPra_Allstars-Burp_Pro_Tips_and_Tricks_-_Nicolas_Grégoire.pdf|Burp Pro Tips and Tricks]]; Nicolas Grégoire
 * HackPra Allstars [[Media:HackPra_Allstars-Augmented_Reality_in_your_web_proxy_-_Roberto_Suggi_Liverani.pdf‎|Augmented Reality in your web proxy]]; Roberto Suggi Liverani
 * HackPra Allstars [[Media:--comming soon--]]; Gareth Heyes
 * HackPra Allstars [[Media:--comming soon--]]; Eduardo Vela
 * HackPra Allstars [[Media:--comming soon--]]; Mario Heiderich


 * OSS [[Media:]]; Mario Vilas
 * OSS [[Media:OWTF--Summer_StormShort-newer_-_Abraham_Aranguren.pdf|OWTF Summer StormShort (newer)]]; Abraham Aranguren
 * OSS [[Media:]]; Christian Bockermann
 * OSS [[Media:]]; Guido Witmond
 * OSS [[Media:]]; Miroslav Stampar
 * OSS [[Media:]]; Dan Cornell

Friday 23. August

 * [[Media:--comming soon--]]; Nick Nikiforakis
 * [[Media:--comming soon--]]; Milton Smith
 * [[Media:OWASP_Top-10_2013--AppSec_EU_2013_-_Dave_Wichers.pdf|OWASP Top-10 2013]]; Dave Wichers
 * [[Media:WASC-OWASP_WAFEC_-_Achim_Hoffmann+Ofer_Shezaf.pdf|WASC/OWASP WAFEC]]; Achim Hoffmann, Ofer Shezaf
 * [[Media:An_Alternate_Approach_for_SQLi_Detection_-_Reto_Ischi.pdf|An Alternate Approach for SQLi Detection]]; Reto Ischi
 * [[Media:OWASP_AppSensor--In_Theory,_In_Practice_and_In_Print_-_Colin_Watson.pdf|OWASP AppSensor - In Theory, In Practice and In Print]]; Colin Watson
 * [[Media:Introducing_ASVS_2013_-_Sahba_Kazerooni+Daniel_Cuthbert.pdf|Introducing ASVS 2013]]; Sahba Kazerooni, Daniel Cuthbert


 * [[Media:--comming soon--]]; Erlend Oftedal
 * [[Media:Insane_in_the_IFRAME_-_David_Ross.pdf|Insane in the IFRAME]]; David Ross
 * [[Media:JS_Libraries_Insecurity_-_Stefano_DiPaola.pdf|JS Libraries Insecurity]]; Stefano DiPaola
 * [[Media:--comming soon--]]; Sebastian Lekies, Ben Stock
 * [[Media:Origin_Policy_Enforcement_in_Modern_Browsers_-_Frederik_Braun.pdf|Origin Policy Enforcement in Modern Browsers]]; Federik Braun
 * [[Media:I_am_in_your_browser,_pwning_your_stuff_-_Krzysztof_Kotowicz.pdf‎|I am in your browser, pwning your stuff]]; Krzysztof Kotowicz
 * [[Media:Sandboxing-Javascript_-_Lieven_Desmet+Nick_Nikiforakis.pdf|Sandboxing Javascript]]; Lieven Desmet, Nick Nikiforakis


 * [[Media:RaspberryPi_for_the_Infrasturcture_and_hacker_-_Fred_Donavan.pdf|RaspberryPi for the Infrasturcture and hacker]]; Fred Donavan
 * [[Media:--comming soon--]]; Yvan Boily
 * [[Media:ZAP_Innovations_-_Simon_Benetts.pdf|ZAP Innovations]]; Simon Benetts
 * [[Media:Do_You_Have_a_Scanner_or_Scanning_Program_-_Dan_Cornell.pdf‎|Do_You_Have a Scanner or Scanning Program]]; Dan Cornell
 * [[Media:OWTF--Summer_StormShort_-_Abraham_Aranguren.pdf|OWTF Summer StormShort]]; Abraham Aranguren
 * [[Media:--comming soon--]]; Luca Viganò, Luca Compagna
 * OSS [[Media:OWASP_Hackademic_Challenges_-_Konstantinos_Papapanagiotou+Spyros_Gasteratos.pdf|OWASP Hackademic Challenges]]; Konstantinos Papapanagiotou
 * OSS [[Media:]]; Dinis Cruz
 * OSS [[Media:]]; Juray Somorowsky
 * [[Media:Closing_Note_-_Dieter_Gollmann.pdf‎|Closing Note]]; Dieter Gollmann
 * [[Media:Closing-Ceremony_-_Dirk_Wetter.pdf‎|Closing Ceremony]]; Dirk Wetter

Welcome
The German OWASP Chapter is hosting the global OWASP AppSec Research 2013 conference in Hamburg, Germany from August 20-23. Hamburg is the second biggest city in Germany, located in the north. To quote New York Times: No one tells you how pretty Hamburg is. We do.

The AppSec Research conference will be a premier gathering of Information Security leaders, also it is going to have a research part.

Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.

The conference will be held from August 20-23, 2013 at the Emporio Hamburg. It's centrally located in the heart of the city with a splendid view over Binnen-, Aussenalster and River Elbe.

Facts in a nutshell

 * Date:
 * Trainings: August 20-21, 2013
 * Conference: August 22-23, 2013


 * Location: Emporio Hamburg
 * Program
 * Complete Program
 * Trainings
 * Open Source (Security) Showcase
 * HackPra Allstars Track


 * Events
 * Dinner ...


 * Sponsors: Sponsorship Description, find out more here.
 * Call for ...
 * Closed: May 15, was extended: May 22: Papers (Research).
 * Closed: Presentations (Industry). Talk teasers are here, Program comming soon.
 * Closed: Call for Trainings . Program is published
 * Closed: OWASP Open Source (Security) Showcase (OSS)


 * Registration: Is open, please see https://appsec.eu/registration/.
 * Mailinglist: please subscribe to: https://lists.owasp.org/mailman/listinfo/appseceu2013


 * Partners + Supporters: External Web Site

Sponsorship
AppSec Research is seeking for sponsors. We have several possibilities how you can promote your company, seek for employees and on the other side support the conference. Please find the description, pricing and possible items in a [[Media:Sponsorship_Description_AppSec_EU_2013.pdf|PDF here]].

Call for {Presentations,Papers,Trainings}
We have there separate "Calls":


 * Closed: The Call for Papers is for the Research track
 * Closed: Call for Presentations is the standard one for the regular tracks
 * Closed: Call for Trainings

Conference Orga

 * Dirk Wetter (Chair)
 * Kai Jendrian (Co-Chair)
 * Birgit Bernskötter (External)
 * Ingo Hanke
 * Boris Hemkemeier
 * Achim Hoffmann
 * Martin Johns
 * Hartwig Gelhausen
 * Tobias Glemser
 * Sebastien Deleersnyder
 * Kelly Santalucia
 * Sarah Baso

Contact: orga2013//lists/appsec/eu


 * Twitter
 * Twitter: @appseceu
 * Twitter: @OWASP_de (German account)

Countdown Challenges

 * Closed Win Free Tickets to AppSec EU Research 2013! here or https://appsec.eu/ticket-challenge/.

How to Start

=================================

Step0 Prepare your client with a preconfigured virtual host in VMware Player or VirtualBox. Install the LiveCD image in your virtual host. It can be downloaded here: https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html

Download links for VMware Player and VirtualBox are: * https://www.virtualbox.org/wiki/Downloads * http://www.vmware.com/products/player/

Step1 Follow the link from your mail or posted at conference wiki.

Step2 Login

Step3 After login you'll see the list of Running Events Switch to the challenge AppSec EU 2013 Ticket Challenge 6

Step4 To solve the task you need a VPN connection as shown in   https://www.hacking-lab.com/Remote_Sec_Lab/lab-infrastructure.html

Step5 Connect to hacking-lab.com after starting your Live-CD from within your virtual host as described in   https://www.hacking-lab.com/Remote_Sec_Lab/OpenVPN.html

Step6 To complete the task (event), send your description of the vulnerability including an exploit and a description for mitigations using the provided "Send Solution" button.
 * Good luck!!

University Challenges
AppSec Research 2013 will have a OWASP University Challenges, details see here.

Capture the Flag
There will be a Capture the Flag event at AppSec Research 2013. Details will come sone here.

More detailed description is available on our external web site.

