AppSecUSA 2012.com


 * AppSecUSA Presentations and Talks

Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements

 * John Benninghoff | Developer | PDF

Top Ten Web Defenses

 * Jim Manico | Mobile | PDF

Mobile Applications & Proxy Shenanigans

 * Dan Amodio | Mobile | PDF

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy

 * Alejandro Caceres | Reverse Engineering | PDF

Gauntlt: Rugged by Example

 * Jeremiah Shirk | Rugged devops | PDF

Building a Web Attacker Dashboard with ModSecurity and BeEF

 * Ryan Barnett | Attack | PDF

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews

 * Sherif Koussa | Developer | PDF

Cracking the Code of Mobile Application

 * Sreenarayan Ashokkumar | Mobile | PDF

Hacking .NET Application: Reverse Engineering 101

 * Jon Mccoy | Reverse Engineering | PDF

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

 * Josh Corman | Rugged devops | PDF

Hacking with WebSockets

 * Vaagn Toukharian | Attack | PDF

Bug Bounty Programs

 * Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer

How we tear into that little green man

 * Mathew Rowley | Mobile | PDF

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

 * Jerry Hoff | Developer | PDF

Put your robots to work: security automation at Twitter

 * Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | PDF

Exploiting Internal Network Vulns via the Browser using BeEF Bind

 * Michele Orru | Attack | PDF

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

 * Shay Chen | Developer | PDF

Demystifying Security in the Cloud: AWS Scout

 * Jonathan Chittenden | Cloud | PDF

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST

 * Ofer Maor | Developer | PDF

Rebooting (secure) software development with continuous deployment

 * Nick Galbreath | Rugged devops | PDF

Cross Site Port Scanning

 * Riyaz Walikar | Attack | PDF

Analyzing and Fixing Password Protection Schemes

 * John Steven | Developer | PDF

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods

 * Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | PDF

WTF - WAF Testing Framework

 * Yaniv Azaria, Amichai Shulman | Architecture | PDF

DevOps Distilled: The DevOps Panel at AppSec USA

 * Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | PDF

Effective approaches to web application security

 * Zane Lackey | Developer

Why Web Security Is Fundamentally Broken

 * Jeremiah Grossman | Developer

Payback on Web Attackers: Web Honeypots

 * Simon Roses Femerling | Architecture

Spin the bottle: Coupling technology and SE for one awesome hack

 * David Kennedy | Attack

Incident Response: Security After Compromise

 * Richard Bejtlich | Case Studies

The Same-Origin Saga

 * Brendan Eich | Developer

Hack your way to a degree: a new direction in teaching application security at universities

 * Konstantinos Papapanagiotou | Developer

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

 * Dan Cornell, Josh Sokol | Architecture

Blended Threats and JavaScript: A Plan for Permanent Network Compromise

 * Phil Purviance | Attack

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

 * Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies

Builders Vs. Breakers

 * Brett Hardin, Matt Konda, Jon Rose | Developer

Real World Cloud Application Security

 * Jason Chan | Cloud

NoSQL, no security?

 * Will Urbanski | Architecture

SQL Server Exploitation, Escalation, and Pilfering

 * Antti Rantasaari, Scott Sutherland | Attack

Iran's real life cyberwar

 * Phillip Hallam-Baker | Case Studies

Get off your AMF and don’t REST on JSON

 * Dan Kuykendall | Developer

Unraveling Some of the Mysteries around DOM-Based XSS

 * Dave Wichers | Developer

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

 * Tobias Gondrom | Architecture

XSS & CSRF with HTML5 - Attack, Exploit and Defense

 * Shreeraj Shah | Attack

The Application Security Ponzi Scheme: Stop paying for security failure

 * Jarret Raim, Matt Tesauro | Case Studies

Using Interactive Static Analysis for Early Detection of Software Vulnerabilities

 * Bill Chu | Developer

Origin(al) Sins

 * Alex Russell | Developer

The 7 Qualities of Highly Secure Software

 * Mano 'dash4rk' Paul | Architecture

Web Framework Vulnerabilities

 * Abraham Kang | Attack

Web App Crypto - A Study in Failure

 * Travis H | Case Studies

Security at Scale

 * Yvan Boily | Developer

Four Axes of Evil

 * HD Moore | Developer

Pining For the Fjords: The Role of RBAC in Today's Applications

 * Wendy Nather | Architecture

Counterintelligence Attack Theory

 * Fred Donovan | Attack

Top Strategies to Capture Security Intelligence for Applications

 * John Dickson | Case Studies