AppSecUSA 2012

AppSec USA 2012 (LASCON Edition) was held at the Hyatt Regency Hotel Downtown in Austin, TX. Training: October 23rd-24th. Conference sessions: October 25th-26th.

OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. For more information on the CFP, CFT, sponsorship, and registration, see the official AppSec USA website at http://www.appsecusa.org

= AppSec USA 2012 Presentations and Talks =

== 10:00 am - 10:45 am (Thursday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements || John Benninghoff || Developer || Building Predictable Systems using Behavioral Security Modeling - PDF
|-
| Top Ten Web Defenses || Jim Manico || Mobile || Top 10 Defenses for Website Security - PDF
|-
| Mobile Applications & Proxy Shenanigans || Dan Amodio || Mobile || Presentation not available
|-
| Reverse Engineering “Secure” HTTP APIs With An SSL Proxy || Alejandro Caceres || Reverse Engineering || Presentation not available
|-
| Gauntlt: Rugged by Example || Jeremiah Shirk || Rugged DevOps || Presentation not available
|}

== 11:00 am - 11:45 am (Thursday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Building a Web Attacker Dashboard with ModSecurity and BeEF || Ryan Barnett || Attack || Presentation not available
|-
| Secure Code Reviews: Magic or Art? A Simplified Approach to Secure Code Reviews || Sherif Koussa || Developer || Presentation not available
|-
| Cracking the Code of Mobile Application || Sreenarayan Ashokkumar || Mobile || Cracking the Mobile Application Code - PDF
|-
| Hacking .NET Application: Reverse Engineering 101 || Jon McCoy || Reverse Engineering || Presentation not available
|-
| Doing the unstuck: How Rugged cultures drive Biz & AppSec Value || Josh Corman || Rugged DevOps || Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF
|}

== 2:00 pm - 2:45 pm (Thursday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Hacking with WebSockets || Vaagn Toukharian || Attack || Presentation not available
|-
| Bug Bounty Programs || Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice || Developer || Presentation not available
|-
| How we tear into that little green man || Mathew Rowley || Mobile || Presentation not available
|-
| AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life || Jerry Hoff || Developer || Presentation not available
|-
| Put your robots to work: security automation at Twitter || Justin Collins, Neil Matatall, Alex Smolen || Rugged DevOps || Presentation not available
|}

== 3:00 pm - 3:45 pm (Thursday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Exploiting Internal Network Vulns via the Browser using BeEF Bind || Michele Orru || Attack || Presentation not available
|-
| The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) || Shay Chen || Developer || Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF
|-
| Demystifying Security in the Cloud: AWS Scout || Jonathan Chittenden || Cloud || Demystifying Security in the Cloud - PDF
|-
| I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST || Ofer Maor || Developer || Presentation not available
|-
| Rebooting (secure) software development with continuous deployment || Nick Galbreath || Rugged DevOps || Presentation not available
|}

== 4:00 pm - 4:45 pm (Thursday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Cross Site Port Scanning || Riyaz Walikar || Attack || Cross Site Port Scanning - PDF
|-
| Analyzing and Fixing Password Protection Schemes || John Steven || Developer || Presentation not available
|-
| Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods || Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner || Attack || Presentation not available
|-
| WTF - WAF Testing Framework || Yaniv Azaria, Amichai Shulman || Architecture || WAF Testing Framework - PDF
|-
| DevOps Distilled: The DevOps Panel at AppSec USA || Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett || Rugged DevOps || DevOps Distilled - PDF
|}

== 10:00 am - 10:45 am (Friday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Effective approaches to web application security || Zane Lackey || Developer || Effective approaches to web application security - PDF
|-
| Why Web Security Is Fundamentally Broken || Jeremiah Grossman || Developer || Why Web Security Is Fundamentally Broken - PDF
|-
| Payback on Web Attackers: Web Honeypots || Simon Roses Femerling || Architecture || Presentation not available
|-
| Spin the bottle: Coupling technology and SE for one awesome hack || David Kennedy || Attack || Presentation not available
|-
| Incident Response: Security After Compromise || Richard Bejtlich || Case Studies || Presentation not available
|}

== 11:00 am - 11:45 am (Friday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| The Same-Origin Saga || Brendan Eich || Developer || The Same-Origin Saga - PDF
|-
| Hack your way to a degree: a new direction in teaching application security at universities || Konstantinos Papapanagiotou || Developer || Hack your way to a degree - PDF
|-
| The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems || Dan Cornell, Josh Sokol || Architecture || Presentation not available
|-
| Blended Threats and JavaScript: A Plan for Permanent Network Compromise || Phil Purviance || Attack || Presentation not available
|-
| Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards || Juan Perez-Etchegoyen, Jordan Santarsieri || Case Studies || Presentation not available
|}

== 1:00 pm - 1:45 pm (Friday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Builders Vs. Breakers || Brett Hardin, Matt Konda, Jon Rose || Developer || Builders-vs-Breakers - PDF
|-
| Real World Cloud Application Security || Jason Chan || Cloud || Presentation not available
|-
| NoSQL, no security? || Will Urbanski || Architecture || Presentation not available
|-
| SQL Server Exploitation, Escalation, and Pilfering || Antti Rantasaari, Scott Sutherland || Attack || Presentation not available
|-
| Iran's real life cyberwar || Phillip Hallam-Baker || Case Studies || Iran’s Real Life Cyberwar - PDF
|}

== 2:00 pm - 2:45 pm (Friday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Get off your AMF and don’t REST on JSON || Dan Kuykendall || Developer || Get off your AMF and don’t REST on JSON - PDF
|-
| Unraveling Some of the Mysteries around DOM-Based XSS || Dave Wichers || Developer || Unraveling some Mysteries around DOM-based XSS - PDF
|-
| Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs || Tobias Gondrom || Architecture || Securing the SSL channel against man-in-the-middle attacks - PDF
|-
| XSS & CSRF with HTML5 - Attack, Exploit and Defense || Shreeraj Shah || Attack || Presentation not available
|-
| The Application Security Ponzi Scheme: Stop paying for security failure || Jarret Raim, Matt Tesauro || Case Studies || Presentation not available
|}

== 3:00 pm - 3:45 pm (Friday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Using Interactive Static Analysis for Early Detection of Software Vulnerabilities || Bill Chu || Developer || Static Analysis for Early Detection of Software Vulnerabilities - PDF
|-
| Origin(al) Sins || Alex Russell || Developer || Presentation not available
|-
| The 7 Qualities of Highly Secure Software || Mano 'dash4rk' Paul || Architecture ||
|-
| Web Framework Vulnerabilities || Abraham Kang || Attack || Web App Framework Based Vulnerabilities - PDF
|-
| Web App Crypto - A Study in Failure || Travis H || Case Studies || Web App Cryptology A Study in Failure - PDF
|}

== 4:00 pm - 4:45 pm (Friday) ==
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
! scope="col" align="left" | Talk
! scope="col" align="left" | Speaker(s)
! scope="col" align="left" | Track
! scope="col" align="left" | Slides
|-
| Security at Scale || Yvan Boily || Developer || Presentation not available
|-
| Four Axes of Evil || HD Moore || Developer || Four Axes of Evil - PDF
|-
| Pining For the Fjords: The Role of RBAC in Today's Applications || Wendy Nather || Architecture || Presentation not available
|-
| Counterintelligence Attack Theory || Fred Donovan || Attack || Presentation not available
|-
| Top Strategies to Capture Security Intelligence for Applications || John Dickson || Case Studies || Top Strategies to Capture Security Intelligence for Applications - PDF
|}