AppSec USA 2013 - Presentations

[Nytro]

AppSec USA 2013 - Presentations

[h=2]NOVEMBER 20 • WEDNESDAY[/h] 8:30AM – 8:50AM Welcome to OWASP AppSecUSA – Updates

Speakers: Tom Brennan, Peter Dean, Israel Bryski

9:00AM – 9:50AM Keynote: Computer and Network Security: I Think We Can Win!

Speakers: William Cheswick

10:00AM – 10:50AM Hardening Windows 8 apps for the Windows Store

Speakers: Bill Sempf

10:00AM – 10:50AM The Perilous Future of Browser Security

Speakers: Robert Hansen

10:00AM – 10:50AM Automation Domination

Speakers: Brandon Spruth

10:00AM – 10:50AM How To Stand Up an AppSec Program – Lessons from the Trenches

Speakers: Joe Friedman

10:00AM – 10:50AM PANEL: Aim-Ready-Fire

Moderator: Wendy Nather

Speakers: Ajoy Kumar, Pravir Chandra, Suprotik Ghose, Jason Rothhaupt, Ramin Safai, Sean Barnum

10:00AM – 10:50AM Project Talk: Project Leader Workshop

Speakers: Samantha Groves

11:00AM – 11:50AM From the Trenches: Real-World Agile SDLC

Speakers: Chris Eng

11:00AM – 11:50AM Securing Cyber-Physical Application Software

Speakers: Warren Axelrod

11:00AM – 11:50AM Why is SCADA Security an Uphill Battle?

Speakers: Amol Sarwate

11:00AM – 11:50AM Computer Crime Laws

Speakers: Tor Ekeland, Attorney

11:00AM – 11:50AM Can AppSec Training Really Make a Smarter Developer?

Speakers: John Dickson

11:00AM – 11:50AM Project Talk: OWASP Enterprise Security API Project

Speakers: Chris Schmidt, Kevin Wall

12:00PM – 12:50PM All the network is a stage, and the APKs merely players: Scripting Android Applications

Speakers: Daniel Peck

12:00PM – 12:50PM BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors

Speakers: Jason Haddix, Dawn Isabel

12:00PM – 12:50PM Case Study: 10 Steps to Agile Development without Compromising Enterprise Security

Speakers: Yair Rovek

12:00PM – 12:50PM Build but don’t break: Lessons in Implementing HTTP Security Headers

Speakers: Kenneth Lee

12:00PM – 12:50PM The Cavalry Is Us: Protecting the public good

Speakers: Josh Corman, Nicholas J. Percoco

1:00PM – 1:50PM Mantra OS: Because The World is Cruel

Speakers: Greg Disney-Leugers

1:00PM – 1:50PM Open Mic – Birds of a Feather –> Cavalry

Speakers: Josh Corman, Nicholas J. Percoco

1:00PM – 1:50PM HTML5: Risky Business or Hidden Security Tool Chest?

Speakers: Johannes Ullrich

1:00PM – 1:50PM A Framework for Android Security through Automation in Virtual Environments

Speakers: Parth Patel

1:00PM – 1:50PM 2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs

Speakers: Marco Morana, Tobias Gondrom

1:00PM – 1:50PM PANEL: Privacy or Security: Can We Have Both?

Moderators: Jeff Fox

Speakers: Jim Manico, James Elste, Jack Radigan, Amy Neustein, Joseph Concannon, Steven Rambam

1:00PM – 1:50PM Project Talk: OWASP OpenSAMM Project

Speakers: Seba Deleersnyder, Pravir Chandra

2:00PM – 2:50PM Javascript libraries (in)security: A showcase of reckless uses and unwitting misuses

Speakers: Stefano Di Paola

2:00PM – 2:50PM Revenge of the Geeks: Hacking Fantasy Sports Sites

Speakers: Dan Kuykendall

2:00PM – 2:50PM What You Didn’t Know About XML External Entities Attacks

Speakers: Timothy Morgan

2:00PM – 2:50PM Open Mic: Making the CWE Approachable for AppSec Newcomers

Speakers: Hassan Radwan

2:00PM – 2:50PM “What Could Possibly Go Wrong?” – Thinking Differently About Security

Speakers: Mary Ann Davidson

2:00PM – 2:50PM PANEL: Cybersecurity and Media: All the News That’s Fit to Protect?

Moderators: Dylan Tweney

Speakers: Rajiv Pant, Gordon Platt, Space Rogue, Michael Carbone, Nico Sell

2:00PM – 2:50PM Project Talk: The OWASP Education Projects

Speakers: Konstantinos Papapanagiotou, Martin Knobloch

3:00PM – 3:50PM Advanced Mobile Application Code Review Techniques

Speakers: sreenarayan a

3:00PM – 3:50PM OWASP Zed Attack Proxy

Speakers: Simon Bennetts

3:00PM – 3:50PM Open Mic: FERPAcolypse NOW! – Lessons Learned from an inBloom Assessment

Speakers: Mark Major

3:00PM – 3:50PM Pushing CSP to PROD: Case Study of a Real-World Content-Security Policy Implementation

Speakers: Brian Holyfield, Erik Larsson

3:00PM – 3:50PM MMaking the Future Secure with Java

Speakers: Milton Smith

3:00PM – 3:50PM PANEL: Mobile Security 2.0: Beyond BYOD

Moderators: Stephen Wellman

Speakers: Devindra Hardawar, Daniel Miessler, Jason Rouse

3:00PM – 3:50PM Project Talk: OWASP AppSensor Project

Speakers: John Melton, Dennis Groves

4:00PM – 4:50PM OWASP Top Ten Proactive Controls

Speakers: Jim Manico

4:00PM – 4:50PM Open Mic: Struts Ognl – Vulnerabilities Discovery and Remediation

Speakers: Eric Kobrin

4:00PM – 4:50PM Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud)

Speakers: Ory Segal, Tsvika Klein

4:00PM – 4:50PM Forensic Investigations of Web Explotations

Speakers: Ondrej Krehel

4:00PM – 4:50PM Sandboxing JavaScript via Libraries and Wrappers

Speakers: Phu Phung

4:00PM – 4:50PM Tagging Your Code with a Useful Assurance Label

Speakers: Robert Martin, Sean Barnum

[h=2]NOVEMBER 21 • THURSDAY[/h] 9:00AM – 9:50AM ‘) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniques’)%00

Speakers: Roberto Salgado

9:00AM – 9:50AM Defeating XSS and XSRF using JSF Based Frameworks

Speakers: Steve Wolf

9:00AM – 9:50AM Contain Yourself: Building Secure Containers for Mobile Devices

Speakers: Ronald Gutierrez

9:00AM – 9:50AM Mobile app analysis with Santoku Linux

Speakers: Hoog Andrew

9:00AM – 9:50AM AppSec at DevOps Speed and Portfolio Scale

Speakers: Jeff Williams

9:00AM – 10:00AM OWN THE CON: How we organized AppSecUSA – come learn how you can do it too

Speakers: Tom Brennan, Sarah Baso, Peter Dean, Israel Bryski

10:00AM – 10:50AM Open Mic: OpenStack Swift – Cloud Security

Speakers: Rodney Beede

10:00AM – 10:50AM iOS Application Defense – iMAS

Speakers: Gregg Ganley

10:00AM – 10:50AM PiOSoned POS – A Case Study in iOS based Mobile Point-of-Sale gone wrong

Speakers: Mike Park

10:00AM – 10:50AM Accidental Abyss: Data Leakage on The Internet

Speakers: Kelly FitzGerald

10:00AM – 10:50AM Leveraging OWASP in Open Source Projects – CAS AppSec Working Group

Speakers: Bill Thompson, Aaron Weaver, David Ohsie

10:00AM – 11:50AM Project Talk and Training: OWASP O2 Platform

Speakers: Dinis Cruz

11:00AM – 11:50AM OWASP Hackademic: a practical environment for teaching application security

Speakers: Konstantinos Papapanagiotou

11:00AM – 11:50AM An Introduction to the Newest Addition to the OWASP Top 10. Experts Break-Down the New Guideline and Offer Provide Guidance on Good Component Practice

Speakers: Ryan Berg

11:00AM – 11:50AM Verify your software for security bugs

Speakers: Simon Roses Femerling

11:00AM – 11:50AM Open Mic: Password Breaches – Why They Impact Your App Security When Other WebApps Are Breached

Speakers: Michael Coates

11:00AM – 11:50AM The State Of Website Security And The Truth About Accountability and “Best-Practices”, Full Report

Speakers: Jeremiah Grossman

12:00PM – 12:50PM Open Mic: What Makes OWASP Japan Special

Speakers: Riotaro OKADA

12:00PM – 12:50PM Insecure Expectations

Speakers: Matt Konda

12:00PM – 12:50PM OWASP Periodic Table of Vulnerabilities

Speakers: James Landis

12:00PM – 12:50PM Application Security: Everything we know is wrong

Speakers: Eoin Keary

12:00PM – 12:50PM PANEL: Women in Information Security: Who Are We? Where Are We Going?

Moderators: Joan Goodchild

Speakers: Dawn-Marie Hutchinson, Valene Skerpac, Carrie Schaper, Gary Phillips

12:00PM – 12:50PM Project Talk: OWASP Testing Guide

Speakers: Andrew Mueller, Matteo Meucci

1:00PM – 1:50PM Hack.me: a new way to learn web application security

Speakers: Armando Romeo

1:00PM – 1:50PM Hacking Web Server Apps for iOS

Speakers: Bruno Oliviera

1:00PM – 1:50PM Open Mic: Vision of the Software Assurance Market (SWAMP)

1:00PM – 1:50PM NIST – Missions and impacts to US industry, economy and citizens

Speakers: James St. Pierre, Rick Kuhn

1:00PM – 1:50PM PANEL: Wait Wait… Don’t Pwn Me!

Moderators: Mark Miller

Speakers: Josh Corman, Chris Eng, Space Rogue, Gal Shpantzer

1:00PM – 1:50PM Project Talk: OWASP Development Guide

Speakers: Andrew van der Stock

2:00PM – 2:50PM Buried by time, dust and BeEF

Speakers: Michele Orru

2:00PM – 2:50PM Go Fast AND Be Secure: Eliminating Application Risk in the Era of Modern, Component-Based Development

Speakers: Jeff Williams, Ryan Berg

2:00PM – 2:50PM Modern Attacks on SSL/TLS: Let the BEAST of CRIME and TIME be not so LUCKY

Speakers: Pratik Guha Sarkar, Shawn Fitzgerald

2:00PM – 2:50PM OWASP Broken Web Applications (OWASP BWA): Beyond 1.0

Speakers: Chuck Willis

2:00PM – 2:50PM POpen Mic: Practical Cyber Threat Intelligence with STIX

Speakers: Sean Barnum

2:00PM – 2:50PM Project Talk: OWASP Security Principles Project

Speakers: Dennis Groves

3:00PM – 3:30PM Open Mic: About OWASP

Speakers: Sarah Baso, Michael Coates

3:00PM – 3:50PM HTTP Time Bandit

Speakers: Vaagn Toukharian

3:00PM – 3:50PM Wassup MOM? Owning the Message Oriented Middleware

Speakers: Gursev Singh Kalra

3:00PM – 3:50PM The 2013 OWASP Top 10

Speakers: Dave Wichers

3:00PM – 3:50PM CSRF not all defenses are created equal

Speakers: Ari Elias-Bachrach

3:00PM – 3:50PM Project Talk: OWASP Code Review Guide

Speakers: Larry Conklin

3:30PM – 4:00PM Bug Bounty – Group Hack

Speakers: Tom Brennan, Casey Ellis

4:00PM – 5:00PM Award Ceremony

Speakers: Tom Brennan, Peter Dean

Sursa: Presentations | AppSec USA 2013