AppSecUSA 2016, Oct. 11 to Oct. 14, 2016, Washington, USA

Title | Speakers | Summary
Training Session - Creating and Automating your own AppSec Pipeline Day 1 (2 Day) | Matt Tesauro | Any optimization outside the critical constraint is an illusion. In application security, the size of ...
Training Session - Hands-On Security in DevOps (SecDevOps) Workshop Day 1 (2 Days) | Abhay Bhargav | Agile and DevOps have revolutionized the way we deliver apps to customers. Software products today ...
Training Session - Mobile Application Exploitation iOS and Android Day 1 (2 Day) | Dinesh Shetty, Prateek Gianchandani | Ever wondered how different attacking a mobile application would be from a traditional web application? ...
Training Session - Practical IoT Exploitation Day 1 (2 Day) | Aditya Gupta, Norman Shamas | Practical IoT Exploitation is a unique course being launched at OWASP AppSec by Attify. The ...
Training Session - Practical IoT Exploitation Day 2 (2 Day) | Norman Shamas | Practical IoT Exploitation is a unique course being launched at OWASP AppSec by Attify. The ...
Keynote - Software Supply Chain Lifecycle Management: Reducing Attack Vectors and Enabling Rugged DevOps | Joe Jarzombek | As the cyber threat landscape evolves and as software dependencies grow more complex, understanding and ...
Lightning Talk - Demystifying CSP | Ilya Nesterov | There have been many attempts to make the Web a more secure place, or at ...
Lightning Talk - Assessing and Exploiting XML Schemas Vulnerabilities | Fernando Arnaboldi | Specifications for XML and XML schemas have been designed with multiple security flaws. At the ...
The Ways Hackers Are Taking To Win The Mobile Malware Battle | Yair Amit | In the proverbial game of cat-and-mouse between endpoint security vendors and malware writers, malware attacks ...
Continuous Integration: Live Static Analysis using Visual Studio & the Roslyn API | Eric Johnson | For over 10 years, Visual Studio has provided basic source code analysis through FxCop and ...
Everything is Terrible: Three Perspectives on Building, Configuring, and Securing Software | Chris Barker, Adrien Thebo, Bill Weiss | Developers, operations, and security all have differing agendas and benchmarks for success. One is tasked ...
Lightning Talk - Application Security in a DevOps World: Three Methods for Shifting Left | Arthur Hicken | Operations has always resided ...
Lightning Talk - Automated Gadget Chain Generation for Object Injections | Hendrik Buchwald | Object injection vulnerabilities account for the most sophisticated attacks against web applications today. They persist ...
Lightning Talk - WAF Evolution, or How I Stopped Worrying About Vulnerabilities | Brian McHenry | In this talk, we'll explore how application firewalls must evolve to continue to provide powerful, ...
Lightning Talk - Taking Back Privacy to Gain Control | Steve Shillingford | The word 'privacy' has become an increasingly prevalent and polarizing term and it is a ...
Lightning Talk - Beyond The 'Cript: Practical iOS Reverse Engineering | Michael Allen | There is an app for everything these days. And if you are current on your ...
Practical Static Analysis for Continuous Application Security | Justin Collins | Static code analysis tools that attempt to determine what code does without actually running the code ...
SPArring with the Security of Single Page Applications | Dan Kuykendall | When SPArring with the security of a ...
Your License for Bug Hunting Season | Casey Ellis, Jim Denaro | You don't need a license for bug hunting season anymore. Bug bounty programs are becoming ...
Lightning Talk - LANGSEC 101: Taking the Theory Mainstream | Kunal Anand | LANGSEC has been a promising yet heady topic on the fringes of AppSec for several ...
Lightning Talk - Building your Own Security ChatBot | Aaron Weaver | ChatOps, a term widely credited to GitHub, is all about conversation-driven development and enabling teams ...
Lightning Talk - Can IT & Engineering get along for the sake of building, deploying, and maintaining app security? | Mark Stutzman | Mobile security has become a top priority for companies as both critical customer and company ...
Lightning Talk - The hidden bug in public bug bounties | Jacob Hansen | On the surface, public bug bounty programs look like a no-brainer. You invite a number ...
Lightning Talk - Demystifying Windows Application | Rupali Dash | The talk will cover the security architecture of Windows 7 and Windows 8, OS features ...
Barbarians at the Gate(way) | Dave Lewis | This talk will examine the tools, methods and data behind the DDoS and web attacks ...
Next Gen Web Pen Testing: Handling Modern Applications in a Penetration Test | Kevin Johnson, Jason Gillam | As technology advances and applications make use of newer technology, our penetration testing techniques and ...
Using language-theoretics and runtime visibility to align AppSec with DevOps | Kunal Anand | Programming languages are becoming more powerful and capable, and applications more porous than ever before ...
Cleaning Your Applications' Dirty Laundry with Scumblr | Scott Behrens, Andrew Hoernecke | Like many cutting-edge companies, the environment at Netflix is constantly changing. New applications are deployed ...
Should there be an Underwriters Laboratories certification for software in IoT products? | Joshua Corman, Kevin Greene, Anita D'Amico | The US Cybersecurity National Action Plan released in February 2016 announced that the US government, ...
Threat Modeling with Architectural Risk Patterns | Stephen de Vries | Current approaches to Threat Modeling emphasise manual analysis typically performed by developers together with a ...
Securing the Electronic Frontier | Cory Doctorow | From light bulbs to drones, sophisticated technology is integrated into nearly every aspect of our ...
AppSec++ Take the best of Agile, DevOps and CI/CD into your AppSec Program | Matt Tesauro | Is software development outpacing your ability to secure your company's portfolio of apps? You don't ...
How to Find the Next Great Deserialization CVE | Arshan Dabirsiaghi | The talk will generalize the recent spate of deserialization attacks, including a brief discussion of ...
When encryption is not enough: Attacking Wearable - Mobile Application communication over BLE | Sumanth Naropanth, Chandra Prakash Gopalaiah, Kavya Racharla | Communication protocols have evolved from the traditional Serial and LAN ports to complex and lightweight ...
Keynote - The Less Hacked Path | Samy Kamkar | Since the dawn of the Internet and the Web, a broad series of hacking attack ...
Keynote - Cryptography in the age of Heartbleed | Matthew Green | The past decade has seen an unprecedented number of high-profile data breaches. To address this ...
Where bits & bytes meet flesh & blood: DevOps, Cybersafety, and the Internet of Things | Joshua Corman | We've heard software is eating the world; software is infecting the world. Our dependence on ...
Protect Containerized Applications With System Call Profiling | Chenxi Wang | Container technologies like Docker are gaining mainstream interest from development and operations teams. Unlike virtual ...
Putting an "I" in Code Review – Turning Code Reviewing Interactive | Ofer Maor | Everybody knows that manual code review can be a tedious and lengthy effort, with complexity ...
Why using SMS in the authentication chain is risky and what better options are available | Simon Thorpe | Passwords are horrible for security. Over the past 20 years we've bolstered the password with ...
Continuous Security: DevOps and Ongoing Authorization | Paula Thrasher | Application security has changed dramatically from even just a decade ago. Today, if you do ...
DevOps to DevSecOps: a 2-dimensional view of security for DevOps | Sanjeev Sharma | When it comes to looking at Security and DevOps, one has to look at it ...
Exploiting CORS Misconfigurations for Bitcoins and Bounties | James Kettle | Hear the story of how a specification's innocent intentions toward security and simplicity mingled with ...
Patterns of Authentication and Self-Announcement in the Internet of Things (IoT) | Farbod H Foomany, Amir Pourafshar | The need to connect 'things' to each other in the IoT ecosystem introduces new security ...
Practical tips for web application security in the age of agile and DevOps | Zane Lackey | The SDLC has been the standard model for web application security over the last decade ...
Serverless Security: Doing Security in 100 milliseconds | James Wickett | Serverless is the awesome future of cloud computing. This session will focus on practical security ...
Automating API Penetration Testing using fuzzapi | Abhijeth Dugginapeddi, Srinivas Kotipalli | Despite the widespread use of REST API calls using various frameworks, security researchers continue to ...
DevOops: Redux | Chris Gates, Ken Johnson | In a follow-up to the duo's offensive focused talk "DevOops, How I hacked you", they ...
Needle: Finding Issues within iOS Applications | Marco Lancini | Assessing the security of an iOS application typically requires a plethora of tools, each developed ...
DevSecOps: A Peek Inside the Pipeline | Shannon Lietz | Got it, DevSecOps... now could you stop dropping the microphone and show me how. It's ...
Making Invisible Things Visible: Revealing Secrets from 25,000 Applications | Derek E. Weeks | Every software development organization on the planet relies on a software supply chain, but most ...
If You Can't Beat 'Em Join 'Em: Practical Tips For Running A Successful Bug Bounty Program | Grant McCracken, Daniel Trauner | Having a bug bounty program is one of the most efficient methods of finding security ...
Misconfigured CORS and why web application security is not getting easier | Evan Johnson | Web application security is actually really hard to enter into the "big leagues" with a mature ...
Scaling Security Assessment at the Speed of DevOps | Blake Hitchcock, Brian Manifold, Roger Seagle | Scaling Security Testing at the Speed of DevOps. Recent software development trends, namely DevOps, Continuous ...
Moving to the Left: DevOps practices and the changing role of SecOps | Bill Weiss | As shown in the 2016 State of DevOps Survey, DevOps practices are changing the role ...
Glad You Could Join Us: Bringing Security into the DevOps Fold | Bryan Batty | We all know that "DevOps" is a portmanteau of Development and Operations, but where is ...
Breaking and Fixing your 'Docker'ized environments | Manideep Konakandla | This presentation extracts a few points from the CIS Docker 1.12 benchmark, which was co-authored by me. ...
Containerizing your Security Operations Center | Jimmy Mesta | As security professionals, we have no shortage of tools available to us in our offensive ...
HTTPS & TLS in 2016: Security practices from the front lines | Kenneth White, Eric Mill | Implementing strong security for Internet-facing services has grown more challenging and more complex over the ...
Mapping the Risk in Your Value Stream | Chris Corriere | Mapping can help visualize the flow between your customers and the raw materials your business ...