AppSecUSA 2014, Sept. 16, 2014 to Sept. 19, 2014, Denver, USA

Title Speakers Summary Topic Types
Hacking .NET/C# Applications: Defend By Design Jon McCoy I will cover how to build an application to resist attacks. This is not the ...
AppSec Survey 2.0: Fine-Tuning an AppSec Training Program Based on Data John B. Dickson Measuring the effectiveness of any security activity is widely discussed – security leaders debate the ...
Starting a chapter Kate Hartmann This session covers everything you need to know about starting a local OWASP chapter: requirements, ...
Zed Attack Proxy (Zap) 101 Chris Rossi N/A
Anatomy of memory scraping, credit card stealing POS malware Amol Sarwate Learn the nuts-and-bolts of how a memory scraping, credit card stealing point-of-sale (POS) malware works ...
IEEE Computer Society's Center for Secure Design - Helping You Design More Secure Software Jim DelGrosso The IEEE Computer Society's CSD (Center for Secure Design) was formed in 2014 with the ...
Mobile Security Attacks: A Glimpse from the Trenches Adi Sharabani , Yair Amit Hackers today apply covert and persistent techniques to attack mobile devices. Attend this presentation to ...
Modern Web Application Defense with OWASP Tools Frank Kim To address security defects developers typically resort to fixing design flaws and security bugs directly ...
Capture the Flag Chris Campbell This from-scratch Capture The Flag project was created by the Boulder OWASP chapter exclusively for ...
Building Your Application Security Data Hub: The Imperative for Structured Vulnerability Information Dan Cornell One of the reasons application security is so challenging to address is that it spans ...
Keynote: Bruce Schneier - The Future of Incident Response Bruce Schneier Network attacks are inevitable. Protection and detection can only take you so far, and response ...
OWASP ESAPI Bug Squash-a-thon Jeff Williams , Jim Manico , Chris Schmidt , Kevin Wall We will be squashing as many bugs as we can in preparation for a release.
OWASP Project Summit Jonathan Marcil , Matt Shufeldt N/A
OWASP Top 10 – Exploitation and Effective Safeguards (day 2 of 2) David Caissy This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Ruby on Rails - Auditing & Exploiting the Popular Web Framework (day 2 of 2) Joern Schneeweisz This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Securing Mobile Devices and Applications (day 2 of 2) David Lindner This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Malware Analysis Crash Course (day 2 of 2) Carrie Jung , Richard Wartell This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Managing Web & Application Security - OWASP for Senior Managers (day 1 of 1) Tobias Gondrom This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Ruby on Rails - Auditing & Exploiting the Popular Web Framework (day 1 of 2) Joern Schneeweisz This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Securing Mobile Devices and Applications (day 1 of 2) Dan Amodio , David Lindner This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Advanced Web Penetration Testing (day 2 of 2) Kevin Johnson This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Advanced Web Penetration Testing (day 1 of 2) Kevin Johnson , Jason Gillam This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Cryptography for the Modern Developer (day 1 of 1) Timothy Morgan This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Malware Analysis Crash Course (day 1 of 2) Carrie Jung , Richard Wartell This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
OWASP Top 10 – Exploitation and Effective Safeguards (day 1 of 2) David Caissy This training course is separate from the AppSec USA general conference. Visit http://appsecusa.org/training/ for information ...
Use After Free Exploitation Stephen Sims Use After Free vulnerabilities are the cause of a large number of web browser and ...
Nmap 101 Jon Pettyjohn This introductory guide is designed to introduce developers, testers, or anyone interested in learning the ...
Career Fair Joanna Foreman Connect with recruiters and hiring managers for a wide range of positions. Check out the ...
11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey Derek E. Weeks In 2013, OWASP updated its top 10 list to include “(A9) Avoiding the use of ...
iOS App Integrity: Got Any? Gregg Ganley , Gavin Black iOS apps are vulnerable to static analysis and attack through binary code patching. Incorporating jailbreak ...
Project Monterey or How I Learned to Stop Worrying and Love the Cloud Kevin Glisson At Netflix developers deploy code hundreds of times a day. Each code push could be ...
Static Analysis for Dynamic Assessments Greg Patton Today’s dynamic and static web vulnerability scanners are capable of analyzing complex web applications for ...
CSRF 101 Danny Chrastil N/A
Lean Security for Small or Medium Sized Business Jonathan Chittenden , Anson Gomes For a small or medium sized business (SMB) the fallout from a security or privacy ...
Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing Daniel Peck While lacking the sex appeal of memory corruption based attacks, phishing remains a problem for ...
Runtime Manipulation of Android and iOS Applications Dan Amodio , David Lindner With over 1.6 million applications in the Apple AppStore and Google Play store, and around ...
Your Password Complexity Requirements are Worthless Rick Redman If you think password hashes are safe in a database, you are wrong. If you ... IncludeThinkstScapes
CMS Hacking 101 Greg Foss N/A
Blended Web and Database Attacks on Real-time, In-Memory Platforms Juan Perez-Etchegoyen It is well known there is a race going on in the “Big Data” arena. ...
Client-side security with the Security Header Injection Module (SHIM) Aaron Cure , Eric Johnson Client-side security headers are useful countermeasures for Man-In-The-Middle, Clickjacking, XSS, MIME-Type sniffing, and Data Caching ...
Not Go Quietly: Adaptive Strategies and Unlikely Teammates Joshua Corman Don’t be a hero; assemble your team of avengers from unlikely allies. Nearly every aspect ...
Top 10 Web Hacking Techniques of 2013 Matt Johansen , Johnathan Kuskos Every year the security community produces a stunning number of new Web hacking techniques that ...
App Server Hacking 101 (clusterd) Brandon Edmunds This workshop is a hands-on demonstration of the tool Clusterd. Clusterd is a python based ...
Hosting a conference Mark Major Whether it is an OWASP Day, a regional event, or an AppSec global conference, event ...
Keynote: Renee Guttmann - CISO Perspectives: Aligning Secure Software Application Development with Business Interests Renee Guttmann CISO Perspectives: Aligning Secure Software Application Development with Business Interests: Software security is first, and ...
Code Brew Jess Garrett Join us for an evening of all things homebrewed and celebrate one of Colorado’s most ...
Jason Alan Magic Jason Alan When was the last time you gasped in astonishment? Shrieked with laughter? When have you ...
Keynote: Gary McGraw - Bug Parades, Zombies, and the BSIMM: A Decade of Software Security Gary McGraw Only thirteen years ago, the idea of building security in was brand new. Back then, ...
Bringing a Machete to the Amazon Erik Peterson Amazon Web Services (AWS) is billed as an amazingly secure and resilient cloud services provider, ...
Ten Secrets to Secure Mobile Applications Jason Haddix , Daniel Miessler Many high profile mobile apps have been in the news for failures to use encryption, ...
The DevOps of Things John Willis The DevOps movement is going to celebrate its fifth anniversary this October. I was fortunate ...
Warning Ahead: Security Storms are Brewing in Your JavaScript Helen Bravo JavaScript controls our lives – we use it to zoom in and out of a ...
Welcome to Hackazon - Get your favorite app scanner ready! Dan Kuykendall Get your favorite dynamic application security scanner ready to try out Hackazon! Hackazon is a ...
DevOps and Security: The Facts, The Myths, The Legend David Mortman DevOps (despite its increasing popularity amongst both startups and now enterprises as well) still has ...
Hacking .NET(C#) Applications: The Black Arts (ASM attacks) Jon McCoy Attacking in live memory has been the area of highly skilled attackers with focused & costly tools. ...
Reversing Engineering a Web Application - For Fun, Behavior & WAF Detection Rodrigo Montoro Screening HTTP traffic can be something really tricky and attacks to applications are becoming increasingly ...
Threat Modeling Made Interactive! Eunsuk Kang Threat modeling is an important part of any secure development process. By identifying potential threats ...
Penetration testing code coverage Hassan Radwan A continuous challenge facing penetration testers is ensuring adequate coverage of a target application. A ...
Auto-Scaling Web Application Security in the Cloud Misha Govshteyn Securing web applications has placed extreme demands on security professionals – in addition to understanding ...
Stop Chasing Vulnerabilities - Introducing *Continuous* Application Security Jeff Williams For too long, application security has been “experts-only” and practiced one-app-at-a-time. But modern software development, ...
When you can't afford 0days: Client-side exploitation for the masses Michele Orrù A bag of fresh and juicy 0days is certainly something you would love to get ...
Where the Security Rubber Meets the DevOps Road Damon Edwards DevOps is a natural evolution of Agile, Lean, Continuous Integration and other patterns common amongst ...
Customizing Burp Suite - Getting the most out of your extensions August Detlefsen The objective of this lecture is to give pentesters and tool developers an overview of ...
Catch me if you can: Building a Web Malware Analyzer using Machine Learning Anirban Banerjee With close to 10,000 new, legitimate websites being added to the Google malware blacklist every ...
From the Ground Up Steven Baan This project started by a challenge given to me at Appsec EU conference in Hamburg ...
Hacking the Oracle Application Framework: A case study in deep-dive pen testing David Byrne The Oracle Application Framework (OAF) is the base of dozens of Oracle’s web-based business applications ...
Implications & Opportunities at the Bleeding Edge of DevOps Chris Swan Ever Onward… as DevOps keeps evolving, this session will show you how the newest DevOps ...
Introduction to Golismero (The Web Knife) Mike Landeck N/A
Cloud Security at Scale and What it Means for Your Application Ben Hagen Cloud computing is all the rage, but few organizations have really thought about what security ...
Ground Truths of a Rugged DevOps Practitioner Matt Tesauro DevOps isn't just a buzzword. It isn't a miracle cure. It isn't the security apocalypse. ...
Headless Browser Hide and Seek Sergey Shekyan , Bei Zhang Headless browsers have quietly become indispensable tools for security teams, researchers, and attackers focusing on ...
OWASP A9: A Year Later - Are you still using components with known vulnerabilities? Ryan Berg It's been more than a year now since the introduction of the new A9 to ...
Pwning the Pawns with WiHawk Santhosh Kumar The elements that play a major role in today’s network architecture are router, gateway, switch, ...