Difference between revisions of "AppSecUSA 2012"

From OWASP
Jump to: navigation, search
 
(7 intermediate revisions by 2 users not shown)
Line 6: Line 6:
 
<br>
 
<br>
 
For more information on CFP, CFT, Sponsorship, and registration, '''see the official AppSec USA website at [http://www.appsecusa.org http://www.appsecusa.org]'''
 
For more information on CFP, CFT, Sponsorship, and registration, '''see the official AppSec USA website at [http://www.appsecusa.org http://www.appsecusa.org]'''
 +
 +
 +
=<span style="color:#006699;">AppSec USA 2012 Presentations and Talks</span>=
 +
 +
 +
== '''Thursday 25th Oct''' ==
 +
=== <span style="color:#006699;">10:00 am - 10:45 am (Thursday) </span>===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements ====
 +
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px; width:100%;" >'''John Benninghoff''' | Developer | [https://www.owasp.org/images/7/7f/Building_Predictable_Systems.pdf Building Predictable Systems using Behavioral Security Modeling - PDF] </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
 +
==== Top Ten Web Defenses ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jim Manico''' | Mobile | [https://www.owasp.org/images/0/08/Top_10_Defenses_for_Website_Security.pdf Top 10 Defenses for Website Security - PDF] </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Mobile Applications & Proxy Shenanigans ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Dan Amodio''' | Mobile | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Alejandro Caceres''' | Reverse Engineering | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Gauntlt: Rugged by Example ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jeremiah Shirk, Mani Tadayon, James Wickett''' | Rugged devops | [http://www.slideshare.net/wickett/gauntlt-rugged-by-example Gauntlt Rugged By Example - Slideshare] </span>
 +
|}
 +
 +
=== <span style="color:#006699;">11:00 am  - 11:45 am (Thursday)</span> ===
 +
 +
----
 +
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Ryan Barnett''' | Attack | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Sherif Koussa''' | Developer | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Cracking the Code of Mobile Application ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Sreenarayan Ashokkumar''' | Mobile | [https://www.owasp.org/images/c/cd/Cracking_the_Mobile_Application_Code.pdf Cracking the Mobile Application Code - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Hacking .NET Application: Reverse Engineering 101 ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jon Mccoy''' | Reverse Engineering | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Josh Corman''' | Rugged devops | [https://www.owasp.org/images/d/d5/Doing_the_Unstuck.pdf Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF]</span>
 +
|}
 +
 +
=== <span style="color:#006699;">2:00 pm  - 2:45 pm (Thursday)</span> ===
 +
 +
----
 +
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Hacking with WebSockets ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Vaagn Toukharian''' | Attack | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Bug Bounty Programs ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice''' | Developer | Presentation Not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== How we tear into that little green man ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Mathew Rowley''' | Mobile | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jerry Hoff''' | Developer | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Put your robots to work: security automation at Twitter ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | Presentation Not available </span>
 +
|}
 +
 +
=== <span style="color:#006699;">3:00 pm  - 3:45 pm (Thursday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Michele Orru''' | Attack | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Shay Chen''' | Developer | [https://www.owasp.org/images/f/f5/The_Diviner_-_Digital_Clairvoyance_Breakthrough_-_Gaining_Access_to_the_Source_Code_%26_Server_Side_Memory_Structure_of_ANY_Application.pdf Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
 +
==== Demystifying Security in the Cloud: AWS Scout ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jonathan Chittenden''' | Cloud | [https://www.owasp.org/images/0/0f/Demystifying_Security_in_the_Cloud.pdf Demystifying Security in the Cloud - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Ofer Maor''' | Developer | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Rebooting (secure) software development with continuous deployment ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Nick Galbreath''' | Rugged devops | Presentation not available</span>
 +
|}
 +
 +
=== <span style="color:#006699;">4:00 pm  - 4:45 pm (Thursday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Cross Site Port Scanning ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Riyaz Walikar''' | Attack | [https://www.owasp.org/images/8/89/Poking_Servers_with_Facebook-Cross_Site_Port_Scanning.pdf Cross Site Port Scanning - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Analyzing and Fixing Password Protection Schemes ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''John Steven''' | Developer | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== WTF - WAF Testing Framework ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Yaniv Azaria, Amichai Shulman''' | Architecture | [https://www.owasp.org/images/0/00/OWASP-2012-WTF.pdf WAF Testing Framework - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== DevOps Distilled: The DevOps Panel at AppSec USA ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett''' | Rugged devops | [https://www.owasp.org/images/9/90/Corman_AppSecUSA_2012_DevOpsPanel.pdf DevOps Distilled - PDF]</span>
 +
|}
 +
 +
== '''Friday 26th Oct''' ==
 +
=== <span style="color:#006699;">10:00 am - 10:45 am (Friday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0" style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Effective approaches to web application security ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Zane Lackey''' | Developer | [https://www.owasp.org/images/b/b4/Effective_approaches_to_web_application_security.pdf Effective approaches to web application security - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Why Web Security Is Fundamentally Broken ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jeremiah Grossman''' | Developer | [https://www.owasp.org/images/9/90/Web_Security_Fundamentally_Broken.pdf Why Web Security Is Fundamentally Broken - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Payback on Web Attackers: Web Honeypots ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Simon Roses Femerling''' | Architecture | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Spin the bottle: Coupling technology and SE for one awesome hack ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''David Kennedy''' | Attack | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Incident Response: Security After Compromise ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Richard Bejtlich''' | Case Studies | Presentation not available</span>
 +
|}
 +
 +
=== <span style="color:#006699;">11:00 am - 11:45 am (Friday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== The Same-Origin Saga ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Brendan Eich''' | Developer | [https://www.owasp.org/images/a/a2/The_Same-Origin_Saga.pdf The Same-Origin Saga - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Hack your way to a degree: a new direction in teaching application security at universities ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Konstantinos Papapanagiotou''' | Developer | [https://www.owasp.org/images/9/9a/OWASP_Hackademic_AppSecUS2012_v1.pdf Hack your way to a degree - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
 +
==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Dan Cornell, Josh Sokol''' | Architecture | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Phil Purviance''' | Attack | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
 +
==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | Presentation not available</span>
 +
|}
 +
 +
=== <span style="color:#006699;">1:00 pm - 1:45 pm (Friday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Builders Vs. Breakers ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Brett Hardin, Matt Konda, Jon Rose''' | Developer | [https://www.owasp.org/images/8/83/OWASP_AppSec_2012-Builders-vs-Breakers.pdf Builders-vs-Breakers - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Real World Cloud Application Security ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jason Chan''' | Cloud | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== NoSQL, no security? ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Will Urbanski''' | Architecture | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== SQL Server Exploitation, Escalation, and Pilfering ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Antti Rantasaari, Scott Sutherland''' | Attack | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Iran's real life cyberwar ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Phillip Hallam-Baker''' | Case Studies | [https://www.owasp.org/images/5/59/Iran%E2%80%99s_Real_Life_Cyberwar.pdf Iran’s Real Life Cyberwar - PDF]</span>
 +
|}
 +
 +
=== <span style="color:#006699;">2:00 pm - 2:45 pm (Friday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Get off your AMF and don’t REST on JSON ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Dan Kuykendall''' | Developer | [https://www.owasp.org/images/2/20/Get_off_your_AMF_and_dont_REST_on_JSON-AppSecUSA2012.pdf Get off your AMF and don’t REST on JSON - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Unraveling Some of the Mysteries around DOM-Based XSS ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Dave Wichers''' | Developer | [https://www.owasp.org/images/c/c5/Unraveling_some_Mysteries_around_DOM-based_XSS.pdf Unraveling some Mysteries around DOM-based XSS - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Tobias Gondrom''' | Architecture | [https://www.owasp.org/images/f/fe/OWASP_defending-MITMA_US_2012.pdf Securing the SSL channel against man-in-the-middle attacks - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Shreeraj Shah''' | Attack | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== The Application Security Ponzi Scheme: Stop paying for security failure ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Jarret Raim, Matt Tesauro''' | Case Studies | Presentation not available</span>
 +
|}
 +
 +
=== <span style="color:#006699;">3:00 pm - 3:45 pm (Friday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Using Interactive Static Analysis for Early Detection of Software Vulnerabilities ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Bill Chu''' | Developer | [https://www.owasp.org/images/4/46/Interactive_Static_Analysis.pdfInteractive Static Analysis for Early Detection of Software Vulnerabilities - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Origin(al) Sins ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Alex Russell''' | Developer | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== The 7 Qualities of Highly Secure Software ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Mano 'dash4rk' Paul''' | Architecture | [https://www.owasp.org/index.php/File:7_Qualities_of_Highly_Secure_Software.pdf 7 Qualities of Highly Secure Software - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Web Framework Vulnerabilities  ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Abraham Kang''' | Attack | [https://www.owasp.org/images/d/db/WebFrameworkVulnerablilitiesAppSecUSA.pdf Web App Framework Based Vulnerabilies - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Web App Crypto - A Study in Failure ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Travis H''' | Case Studies | [https://www.owasp.org/images/2/2f/Web_app_crypto_20121026.pdf Web App Cryptology A Study in Failure - PDF]</span>
 +
|}
 +
 +
=== <span style="color:#006699;">4:00 pm - 4:45 pm (Friday)</span> ===
 +
 +
----
 +
{| cellpadding="5" cellspacing="0"  style="background:#F2F5F7; border:1px solid #CCCCCC;" width="100%"
 +
! scope="col" align="left" width="100%" |
 +
==== Security at Scale ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Yvan Boily''' | Developer | Presentation not available</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Four Axes of Evil ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''HD Moore''' | Developer | [https://www.owasp.org/images/6/6f/Four_Axes_of_Evil.pdf Four Axes of Evil - PDF]</span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Pining For the Fjords: The Role of RBAC in Today's Applications ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Wendy Nather''' | Architecture | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Counterintelligence Attack Theory  ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''Fred Donovan''' | Attack | Presentation not available </span>
 +
|-
 +
! scope="col" align="left" width="100%" |
 +
==== Top Strategies to Capture Security Intelligence for Applications ====
 +
<span style="background:#FFFFFF; border:1px solid #CCCCCC; padding:5px" >'''John Dickson''' | Case Studies | [https://www.owasp.org/images/8/8c/Top_Strategies_to_Capture_Security_Intelligence_for_Applications_OWASP.pdf Top Strategies to Capture Security Intelligence for Applications - PDF]</span>
 +
 +
|}
 +
<br>
  
  
 
[[Category:OWASP AppSec Conference]]
 
[[Category:OWASP AppSec Conference]]

Latest revision as of 13:00, 4 December 2012

AppSec USA 2012 — LASCON Edition, TX
Austin, TX at the Hyatt Regency Hotel Downtown
Training: October 23rd-24th — Conference Sessions: October 25th-26th

OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security.

For more information on CFP, CFT, Sponsorship, and registration, see the official AppSec USA website at http://www.appsecusa.org


Contents

AppSec USA 2012 Presentations and Talks

Thursday 25th Oct

10:00 am - 10:45 am (Thursday)


Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements

John Benninghoff | Developer | Building Predictable Systems using Behavioral Security Modeling - PDF

Top Ten Web Defenses

Jim Manico | Mobile | Top 10 Defenses for Website Security - PDF

Mobile Applications & Proxy Shenanigans

Dan Amodio | Mobile | Presentation not available

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy

Alejandro Caceres | Reverse Engineering | Presentation not available

Gauntlt: Rugged by Example

Jeremiah Shirk, Mani Tadayon, James Wickett | Rugged devops | Gauntlt Rugged By Example - Slideshare

11:00 am - 11:45 am (Thursday)


Building a Web Attacker Dashboard with ModSecurity and BeEF

Ryan Barnett | Attack | Presentation not available

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews

Sherif Koussa | Developer | Presentation not available

Cracking the Code of Mobile Application

Sreenarayan Ashokkumar | Mobile | Cracking the Mobile Application Code - PDF

Hacking .NET Application: Reverse Engineering 101

Jon Mccoy | Reverse Engineering | Presentation not available

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

Josh Corman | Rugged devops | Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF

2:00 pm - 2:45 pm (Thursday)


Hacking with WebSockets

Vaagn Toukharian | Attack | Presentation not available

Bug Bounty Programs

Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation Not available

How we tear into that little green man

Mathew Rowley | Mobile | Presentation not available

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

Jerry Hoff | Developer | Presentation not available

Put your robots to work: security automation at Twitter

Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation Not available

3:00 pm - 3:45 pm (Thursday)


Exploiting Internal Network Vulns via the Browser using BeEF Bind

Michele Orru | Attack | Presentation not available

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

Shay Chen | Developer | Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF

Demystifying Security in the Cloud: AWS Scout

Jonathan Chittenden | Cloud | Demystifying Security in the Cloud - PDF

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST

Ofer Maor | Developer | Presentation not available

Rebooting (secure) software development with continuous deployment

Nick Galbreath | Rugged devops | Presentation not available

4:00 pm - 4:45 pm (Thursday)


Cross Site Port Scanning

Riyaz Walikar | Attack | Cross Site Port Scanning - PDF

Analyzing and Fixing Password Protection Schemes

John Steven | Developer | Presentation not available

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods

Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation not available

WTF - WAF Testing Framework

Yaniv Azaria, Amichai Shulman | Architecture | WAF Testing Framework - PDF

DevOps Distilled: The DevOps Panel at AppSec USA

Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | DevOps Distilled - PDF

Friday 26th Oct

10:00 am - 10:45 am (Friday)


Effective approaches to web application security

Zane Lackey | Developer | Effective approaches to web application security - PDF

Why Web Security Is Fundamentally Broken

Jeremiah Grossman | Developer | Why Web Security Is Fundamentally Broken - PDF

Payback on Web Attackers: Web Honeypots

Simon Roses Femerling | Architecture | Presentation not available

Spin the bottle: Coupling technology and SE for one awesome hack

David Kennedy | Attack | Presentation not available

Incident Response: Security After Compromise

Richard Bejtlich | Case Studies | Presentation not available

11:00 am - 11:45 am (Friday)


The Same-Origin Saga

Brendan Eich | Developer | The Same-Origin Saga - PDF

Hack your way to a degree: a new direction in teaching application security at universities

Konstantinos Papapanagiotou | Developer | Hack your way to a degree - PDF

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

Dan Cornell, Josh Sokol | Architecture | Presentation not available

Blended Threats and JavaScript: A Plan for Permanent Network Compromise

Phil Purviance | Attack | Presentation not available

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation not available

1:00 pm - 1:45 pm (Friday)


Builders Vs. Breakers

Brett Hardin, Matt Konda, Jon Rose | Developer | Builders-vs-Breakers - PDF

Real World Cloud Application Security

Jason Chan | Cloud | Presentation not available

NoSQL, no security?

Will Urbanski | Architecture | Presentation not available

SQL Server Exploitation, Escalation, and Pilfering

Antti Rantasaari, Scott Sutherland | Attack | Presentation not available

Iran's real life cyberwar

Phillip Hallam-Baker | Case Studies | Iran’s Real Life Cyberwar - PDF

2:00 pm - 2:45 pm (Friday)


Get off your AMF and don’t REST on JSON

Dan Kuykendall | Developer | Get off your AMF and don’t REST on JSON - PDF

Unraveling Some of the Mysteries around DOM-Based XSS

Dave Wichers | Developer | Unraveling some Mysteries around DOM-based XSS - PDF

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

Tobias Gondrom | Architecture | Securing the SSL channel against man-in-the-middle attacks - PDF

XSS & CSRF with HTML5 - Attack, Exploit and Defense

Shreeraj Shah | Attack | Presentation not available

The Application Security Ponzi Scheme: Stop paying for security failure

Jarret Raim, Matt Tesauro | Case Studies | Presentation not available

3:00 pm - 3:45 pm (Friday)


Using Interactive Static Analysis for Early Detection of Software Vulnerabilities

Bill Chu | Developer | Static Analysis for Early Detection of Software Vulnerabilities - PDF

Origin(al) Sins

Alex Russell | Developer | Presentation not available

The 7 Qualities of Highly Secure Software

Mano 'dash4rk' Paul | Architecture | 7 Qualities of Highly Secure Software - PDF

Web Framework Vulnerabilities

Abraham Kang | Attack | Web App Framework Based Vulnerabilies - PDF

Web App Crypto - A Study in Failure

Travis H | Case Studies | Web App Cryptology A Study in Failure - PDF

4:00 pm - 4:45 pm (Friday)


Security at Scale

Yvan Boily | Developer | Presentation not available

Four Axes of Evil

HD Moore | Developer | Four Axes of Evil - PDF

Pining For the Fjords: The Role of RBAC in Today's Applications

Wendy Nather | Architecture | Presentation not available

Counterintelligence Attack Theory

Fred Donovan | Attack | Presentation not available

Top Strategies to Capture Security Intelligence for Applications

John Dickson | Case Studies | Top Strategies to Capture Security Intelligence for Applications - PDF