AppSecCalifornia 2015, Jan. 26, 2015 to Jan. 28, 2015, California, USA

| Title | Speakers | Summary |
| --- | --- | --- |
| Training: Enterprise Incident Response | Russ Gideon | Incident Response is a multidisciplinary approach to understanding the methodologies, techniques, and tools for both ... |
| Training: Advanced Web Exploitation KungFu | Marco Giovanni, Abhishek Sahni | Advanced Web Exploitation Kung Fu is a fast-paced training for penetration testers from intermediate ... |
| Training: Iron-Clad Development: Building Secure Applications | Jim Manico | The major cause of application insecurity is insecure software development practices. This highly intensive and ... |
| Training: Risk Centric Threat Modeling & Metrics in the SDL | Tony Uv | This training will walk through the 7 stages of the Process for Attack Simulation and ... |
| Training: Safely Riding the Rails | Ken Johnson | This course focuses on building secure Ruby on Rails applications. In addition to covering existing ... |
| Training: OWASP Top 10 – Exploitation and Effective Safeguards | David Caissy | Most web application developers have heard about SQL Injection and Cross-Site Scripting, but few know ... |
| Training: Cryptography For The Modern Developer | Timothy D. Morgan | Year after year, cryptography is incorporated into more and more systems. Whether it be ... |
| BJJ Smackdown | Caleb Queern | Forget the golf course – security folks do Brazilian jiu-jitsu! For whatever reason, there is ... |
| Welcome Address | Neil Matatall | N/A |
| Opening Keynote | Alex Stamos | N/A |
| .NET Reversing and Exploitation for Cool Kids | Kelly Lum | Java isn't the only managed language with bugs. This talk will cover the current state ... |
| Devil in the Haystack | Ping Yan | Application security lies in the core of Salesforce.com's products, for which the reason is obvious. ... |
| Fixing XSS with Content Security Policy | Ksenia Dmitrieva | Cross-site scripting (XSS) has been dominating the OWASP Top 10 for many years. Although input validation ... |
| Medical Device Security: An Infectious Disease | Scott Erven | Medical devices touch almost every one of us, whether through personal experience or that of ... |
| Malicious MDM: Fun with iOS MobileConfigs | Karl Fosaaen | MDM can be a great way to put security controls on smart phones, but what happens ... |
| No Better ROI: HTTP Headers for Security | Caleb Queern | Eli Goldratt asks us to always keep in mind, "What's the Goal?" If our goal ... |
| The Emperor's New Password Manager: Security Analysis of Web-based Password Managers | Devdatta Akhawe | Joint work with Zhiwei Li, Warren He, Dawn Song. We conduct a security analysis of ... |
| Levelling up an application security program | David Rook | In this talk, David will relay lessons learned from his first year working in the ... |
| Modern Malvertising and Malware web-based exploit campaigns | Arian Evans, James Pleger | 1. What are the top web-based exploit campaigns we see highly skilled, organized fraudulent actors ... |
| OWASP Top Ten Proactive Controls | Jim Manico | The major cause of web insecurity is poor development practices. We cannot "firewall" or "patch" ... |
| Unicodes Gone Wild | Christien (Dildog) Rioux | Despite solving an important problem for the international community, for many years Unicode has been ... |
| API = Authentication's Poorly Implemented | Zach Lanier | Who doesn't love a robust, easy-to-use, well-documented API? The ability to plug right into an ... |
| Security Issues with Node.js | Ilja van Sprundel | N/A |
| Wi-Fi Hacking for Web Pentesters | Greg Foss | There is an ever-increasing trend with Internet Service Providers of all sizes providing open wireless ... |
| Anatomy of memory scraping, credit card stealing POS malware | Amol Sarwate | Credit card payment processing and point-of-sale (POS) systems are like a black box for most ... |
| DevOps for the Discouraged | James Wickett | You got DevOpsed! Your sysadmin team got renamed as the DevOps team. Developers got prod ... |
| Making SSL Warnings Work | Adrienne Porter Felt | HTTPS is an important tool for protecting the privacy of online communication. However, SSL warnings ... |
| When Geo Goes Wrong: a Case Study | Colby Moore | Mobile apps are truly ubiquitous and enhance our lives in countless ways. However, many either ... |
| 10 Deadly Sins of SQL Server Configuration | Scott Sutherland | Databases are the backbone of the applications that run our world and store our personal ... |
| Evolution Of Penetration Testing | Stephan Chenette, Russ Gideon | Penetration testing came about because of real world attacks. The industry quickly realized that we ... |
| The Savage Curtain: Mobile SSL Failures | Tushar Dalvi, Tony Trummer | Organizations are all so anxious to reach their "mobile moment", but are failing miserably at ... |
| We All Know What You Did Last Summer: Privacy and the Internet of Things | Ken Westin | The devices we carry and systems we interact with on a daily basis generate a ... |
| Fix The Damned Software. | John Steven | We've learned much about application security during its lifetime. We've honed assessment techniques and improved ... |
| Keynote | Katie Moussouris | N/A |
| Caspr and Friends (Content-Security-Policy Reporting and Aggregation) | Stuart Larsen | Caspr, a free and open source tool for collecting, aggregating and analyzing Content-Security-Policy (CSP) violation ... |
| Chrome Security Health & Wellness | Parisa Tabriz | Chrome is a browser built for the modern web and driven by three guiding principles: ... |
| Legacy Java Vulnerabilities – Ignore at Your Own Risk | Jonathan Gohstand | Java is one of the longest standing and most widely deployed enterprise programming languages in ... |
| Marshalling Pickles: How Deserializing Objects Will Ruin Your Day | Chris Frohoff, Gabriel Lawrence | Object serialization technologies allow programs to easily convert in-memory objects to and from various binary ... |
| Hackazon - Stop hacking like it's 1999 | Dan Kuykendall | Applications have changed, but your test apps haven't! It's about time for a test app ... |
| Proactively defending your business against security protocol attacks and implementation flaws | Jim Manico, Cassio Goldschmidt | HTTPS/SSL/TLS has been under fire for years. BEAST, CRIME, problems with the weakness of the ... |
| Uncovering OWASP's Mobile Risks in iOS Apps | Patrick Wardle | Mobile apps are ever more ubiquitous, but their widespread adoption comes at a cost. Seemingly ... |
| Why Your AppSec Experts Are Killing You | Jeff Williams | Software development has been transformed by practices like Continuous Integration and Continuous Integration, while application ... |
| Building a Modern Security Engineering Organization | Zane Lackey | Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. ... |
| How Building a Better Hacker Accidentally Built a Better Defender | Casey Ellis | In the world of cybersecurity, there are two very important players. There are the builders. ... |
| IoT: Taking PKI Where No PKI Has Gone Before | Scott Rea | Traditional PKI focuses on binding a public key to the keyholder's identity, which is implicitly ... |
| Misconceptions in the Cloud | Peleus Uhley | This presentation will discuss common misconceptions and issues that affect companies moving to the cloud. ... |
| DevOps, CI, APIs, Oh My!: Security Gone Agile | Matt Tesauro | As the world of system and application deployment continues to change, the sys admins and ... |
| Scaling Security in Agile Scrum | Chris Eng | Agile Scrum is here to stay, and security teams are finding themselves under-resourced and unprepared ... |
| Securing Software's Future: Why API Design Matters | Timothy D. Morgan | Writing secure software is far cheaper for society as a whole than fixing vulnerable software ... |
| SQLViking: Pillaging your Data | Ken Toler, Jonn Callahan | On every network there is a set of highly desired assets which every pentester ... |
| Why Do We Suck at Infosec? | Charlie Miller | I'll begin the talk by contrasting the different kinds of attacks and targets, from typical ... |