Difference between revisions of "AppSecUSA 2012.com"

From OWASP
Jump to: navigation, search
(Web Framework Vulnerabilities)
Line 13: Line 13:
  
 
==== Mobile Applications & Proxy Shenanigans ====
 
==== Mobile Applications & Proxy Shenanigans ====
*'''Dan Amodio''' | Mobile | PDF
+
*'''Dan Amodio''' | Mobile | Presentation Not available
  
 
==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ====
 
==== Reverse Engineering “Secure” HTTP APIs With An SSL Proxy ====
*'''Alejandro Caceres''' | Reverse Engineering | PDF
+
*'''Alejandro Caceres''' | Reverse Engineering | Presentation Not available
 
 
 
==== Gauntlt: Rugged by Example ====
 
==== Gauntlt: Rugged by Example ====
Line 26: Line 26:
  
 
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
 
==== Building a Web Attacker Dashboard with ModSecurity and BeEF ====
*'''Ryan Barnett''' | Attack | PDF
+
*'''Ryan Barnett''' | Attack | Presentation Not available
 
 
 
 
 
==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ====
 
==== Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews ====
*'''Sherif Koussa''' | Developer | PDF
+
*'''Sherif Koussa''' | Developer | Presentation Not available
  
 
==== Cracking the Code of Mobile Application ====
 
==== Cracking the Code of Mobile Application ====
Line 35: Line 35:
  
 
==== Hacking .NET Application: Reverse Engineering 101 ====
 
==== Hacking .NET Application: Reverse Engineering 101 ====
*'''Jon Mccoy''' | Reverse Engineering | PDF
+
*'''Jon Mccoy''' | Reverse Engineering | Presentation Not available
  
 
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
 
==== Doing the unstuck: How Rugged cultures drive Biz & AppSec Value ====
Line 45: Line 45:
  
 
==== Hacking with WebSockets ====
 
==== Hacking with WebSockets ====
*'''Vaagn Toukharian''' | Attack | PDF
+
*'''Vaagn Toukharian''' | Attack | Presentation Not available
 
 
 
 
 
==== Bug Bounty Programs ====
 
==== Bug Bounty Programs ====
*'''Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice''' | Developer | PDF
+
*'''Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice''' | Developer | Presentation Not available
  
 
==== How we tear into that little green man ====
 
==== How we tear into that little green man ====
*'''Mathew Rowley''' | Mobile | PDF
+
*'''Mathew Rowley''' | Mobile | Presentation Not available
 
 
 
==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ====
 
==== AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life ====
*'''Jerry Hoff''' | Developer | PDF
+
*'''Jerry Hoff''' | Developer | Presentation Not available
  
 
==== Put your robots to work: security automation at Twitter ====
 
==== Put your robots to work: security automation at Twitter ====
*'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | PDF
+
*'''Justin Collins, Neil Matatall, Alex Smolen''' | Rugged devops | Presentation Not available
 
   
 
   
 
=== 3:00 pm  - 3:45 pm  ===
 
=== 3:00 pm  - 3:45 pm  ===
Line 64: Line 64:
  
 
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
 
==== Exploiting Internal Network Vulns via the Browser using BeEF Bind ====
*'''Michele Orru''' | Attack | PDF
+
*'''Michele Orru''' | Attack | Presentation Not available
 
 
 
 
 
==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ====
 
==== The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) ====
Line 73: Line 73:
  
 
==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ====
 
==== I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST ====
*'''Ofer Maor''' | Developer | PDF
+
*'''Ofer Maor''' | Developer | Presentation Not available
  
 
==== Rebooting (secure) software development with continuous deployment ====
 
==== Rebooting (secure) software development with continuous deployment ====
*'''Nick Galbreath''' | Rugged devops | PDF
+
*'''Nick Galbreath''' | Rugged devops | Presentation Not available
  
 
=== 4:00 pm  - 4:45 pm  ===
 
=== 4:00 pm  - 4:45 pm  ===
Line 86: Line 86:
  
 
==== Analyzing and Fixing Password Protection Schemes ====
 
==== Analyzing and Fixing Password Protection Schemes ====
*'''John Steven''' | Developer | PDF
+
*'''John Steven''' | Developer | Presentation Not available
  
 
==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ====
 
==== Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods ====
*'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | PDF
+
*'''Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner''' | Attack | Presentation Not available
 
 
 
==== WTF - WAF Testing Framework ====
 
==== WTF - WAF Testing Framework ====
Line 109: Line 109:
  
 
==== Payback on Web Attackers: Web Honeypots ====
 
==== Payback on Web Attackers: Web Honeypots ====
*'''Simon Roses Femerling''' | Architecture | PDF
+
*'''Simon Roses Femerling''' | Architecture | Presentation Not available
  
 
==== Spin the bottle: Coupling technology and SE for one awesome hack ====
 
==== Spin the bottle: Coupling technology and SE for one awesome hack ====
*'''David Kennedy''' | Attack | PDF
+
*'''David Kennedy''' | Attack | Presentation Not available
 
 
 
==== Incident Response: Security After Compromise ====
 
==== Incident Response: Security After Compromise ====
*'''Richard Bejtlich''' | Case Studies | PDF
+
*'''Richard Bejtlich''' | Case Studies | Presentation Not available
  
 
=== 11:00 am - 11:45 am ===
 
=== 11:00 am - 11:45 am ===
Line 128: Line 128:
  
 
==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====
 
==== The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems ====
*'''Dan Cornell, Josh Sokol''' | Architecture | PDF
+
*'''Dan Cornell, Josh Sokol''' | Architecture | Presentation Not available
  
 
==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====
 
==== Blended Threats and JavaScript: A Plan for Permanent Network Compromise ====
*'''Phil Purviance''' | Attack | PDF
+
*'''Phil Purviance''' | Attack | Presentation Not available
 
 
 
==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
 
==== Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards ====
*'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | PDF
+
*'''Juan Perez-Etchegoyen, Jordan Santarsieri''' | Case Studies | Presentation Not available
  
 
=== 1:00 pm - 1:45 pm ===
 
=== 1:00 pm - 1:45 pm ===
Line 144: Line 144:
  
 
==== Real World Cloud Application Security ====
 
==== Real World Cloud Application Security ====
*'''Jason Chan''' | Cloud | PDF
+
*'''Jason Chan''' | Cloud | Presentation Not available
 
 
 
 
 
==== NoSQL, no security? ====
 
==== NoSQL, no security? ====
*'''Will Urbanski''' | Architecture | PDF
+
*'''Will Urbanski''' | Architecture | Presentation Not available
  
 
==== SQL Server Exploitation, Escalation, and Pilfering ====
 
==== SQL Server Exploitation, Escalation, and Pilfering ====
*'''Antti Rantasaari, Scott Sutherland''' | Attack | PDF
+
*'''Antti Rantasaari, Scott Sutherland''' | Attack | Presentation Not available
 
 
 
==== Iran's real life cyberwar ====
 
==== Iran's real life cyberwar ====
Line 169: Line 169:
  
 
==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====
 
==== XSS & CSRF with HTML5 - Attack, Exploit and Defense ====
*'''Shreeraj Shah''' | Attack | PDF
+
*'''Shreeraj Shah''' | Attack | Presentation Not available
 
 
 
==== The Application Security Ponzi Scheme: Stop paying for security failure ====
 
==== The Application Security Ponzi Scheme: Stop paying for security failure ====
*'''Jarret Raim, Matt Tesauro''' | Case Studies | PDF
+
*'''Jarret Raim, Matt Tesauro''' | Case Studies | Presentation Not available
  
 
=== 3:00 pm - 3:45 pm ===
 
=== 3:00 pm - 3:45 pm ===
Line 182: Line 182:
  
 
==== Origin(al) Sins ====
 
==== Origin(al) Sins ====
*'''Alex Russell''' | Developer | PDF
+
*'''Alex Russell''' | Developer | Presentation Not available
 
 
 
 
 
==== The 7 Qualities of Highly Secure Software ====
 
==== The 7 Qualities of Highly Secure Software ====
Line 198: Line 198:
  
 
==== Security at Scale ====
 
==== Security at Scale ====
*'''Yvan Boily''' | Developer | PDF
+
*'''Yvan Boily''' | Developer | Presentation Not available
  
 
==== Four Axes of Evil ====
 
==== Four Axes of Evil ====
Line 204: Line 204:
  
 
==== Pining For the Fjords: The Role of RBAC in Today's Applications ====
 
==== Pining For the Fjords: The Role of RBAC in Today's Applications ====
*'''Wendy Nather''' | Architecture | PDF
+
*'''Wendy Nather''' | Architecture | Presentation Not available
  
 
==== Counterintelligence Attack Theory  ====
 
==== Counterintelligence Attack Theory  ====
*'''Fred Donovan''' | Attack | PDF
+
*'''Fred Donovan''' | Attack | Presentation Not available
 
 
 
==== Top Strategies to Capture Security Intelligence for Applications ====
 
==== Top Strategies to Capture Security Intelligence for Applications ====

Revision as of 11:48, 18 November 2012

  • AppSecUSA Presentations and Talks

Contents

Thursday 25th Oct

10:00 am - 10:45 am


Building Predictable Systems using Behavioral Security Modeling: |Functional Security Requirements

Top Ten Web Defenses

Mobile Applications & Proxy Shenanigans

  • Dan Amodio | Mobile | Presentation Not available

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy

  • Alejandro Caceres | Reverse Engineering | Presentation Not available

Gauntlt: Rugged by Example

  • Jeremiah Shirk | Rugged devops | PDF

11:00 am - 11:45 am


Building a Web Attacker Dashboard with ModSecurity and BeEF

  • Ryan Barnett | Attack | Presentation Not available

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews

  • Sherif Koussa | Developer | Presentation Not available

Cracking the Code of Mobile Application

Hacking .NET Application: Reverse Engineering 101

  • Jon Mccoy | Reverse Engineering | Presentation Not available

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value

2:00 pm - 2:45 pm


Hacking with WebSockets

  • Vaagn Toukharian | Attack | Presentation Not available

Bug Bounty Programs

  • Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation Not available

How we tear into that little green man

  • Mathew Rowley | Mobile | Presentation Not available

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

  • Jerry Hoff | Developer | Presentation Not available

Put your robots to work: security automation at Twitter

  • Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation Not available

3:00 pm - 3:45 pm


Exploiting Internal Network Vulns via the Browser using BeEF Bind

  • Michele Orru | Attack | Presentation Not available

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

Demystifying Security in the Cloud: AWS Scout

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST

  • Ofer Maor | Developer | Presentation Not available

Rebooting (secure) software development with continuous deployment

  • Nick Galbreath | Rugged devops | Presentation Not available

4:00 pm - 4:45 pm


Cross Site Port Scanning

Analyzing and Fixing Password Protection Schemes

  • John Steven | Developer | Presentation Not available

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods

  • Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation Not available

WTF - WAF Testing Framework

DevOps Distilled: The DevOps Panel at AppSec USA

Friday 26th Oct

10:00 am - 10:45 am


Effective approaches to web application security

Why Web Security Is Fundamentally Broken

Payback on Web Attackers: Web Honeypots

  • Simon Roses Femerling | Architecture | Presentation Not available

Spin the bottle: Coupling technology and SE for one awesome hack

  • David Kennedy | Attack | Presentation Not available

Incident Response: Security After Compromise

  • Richard Bejtlich | Case Studies | Presentation Not available

11:00 am - 11:45 am


The Same-Origin Saga

Hack your way to a degree: a new direction in teaching application security at universities

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

  • Dan Cornell, Josh Sokol | Architecture | Presentation Not available

Blended Threats and JavaScript: A Plan for Permanent Network Compromise

  • Phil Purviance | Attack | Presentation Not available

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards

  • Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation Not available

1:00 pm - 1:45 pm


Builders Vs. Breakers

Real World Cloud Application Security

  • Jason Chan | Cloud | Presentation Not available

NoSQL, no security?

  • Will Urbanski | Architecture | Presentation Not available

SQL Server Exploitation, Escalation, and Pilfering

  • Antti Rantasaari, Scott Sutherland | Attack | Presentation Not available

Iran's real life cyberwar

2:00 pm - 2:45 pm


Get off your AMF and don’t REST on JSON

Unraveling Some of the Mysteries around DOM-Based XSS

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

XSS & CSRF with HTML5 - Attack, Exploit and Defense

  • Shreeraj Shah | Attack | Presentation Not available

The Application Security Ponzi Scheme: Stop paying for security failure

  • Jarret Raim, Matt Tesauro | Case Studies | Presentation Not available

3:00 pm - 3:45 pm


Using Interactive Static Analysis for Early Detection of Software Vulnerabilities

Origin(al) Sins

  • Alex Russell | Developer | Presentation Not available

The 7 Qualities of Highly Secure Software

Web Framework Vulnerabilities

Web App Crypto - A Study in Failure

4:00 pm - 4:45 pm


Security at Scale

  • Yvan Boily | Developer | Presentation Not available

Four Axes of Evil

Pining For the Fjords: The Role of RBAC in Today's Applications

  • Wendy Nather | Architecture | Presentation Not available

Counterintelligence Attack Theory

  • Fred Donovan | Attack | Presentation Not available

Top Strategies to Capture Security Intelligence for Applications