OWASP AppSec California 2018, Jan. 28, 2018 to Jan. 29, 2018, California, USA

Title Speakers Summary Topic Types
Advanced Web Hacking and Secure Coding Vikram Salunke Please note: Training Sessions are not included in the Conference price. Sign up now! Check ...
Extended Web Application Hacking [Day 1 of 2] Peter Kim Please note: Training Sessions are not included in the Conference price. Sign up now! Check ...
Intro To Web Hacking Using ZAP/Hacking APIs And The MEAN Stack Tanya Janca, Nikki Becher Please note: Training Sessions are not included in the Conference price. Sign up now! Check ...
New OWASP Top 10 - Exploitation and Effective Safeguards [Day 1 of 2] Jim Manico Please note: Training Sessions are not included in the Conference price. Sign up now! Check ...
Extended Web Application Hacking [Day 2 of 2] Peter Kim Please note: Training Sessions are not included in the Conference price. Sign up now! Check ...
New OWASP Top 10 - Exploitation and Effective Safeguards [Day 2 of 2] Jim Manico Please note: Training Sessions are not included in the Conference price. Sign up now! Check ...
So You Want to Run a Secure Service on AWS? William Bengtson, Nag Medida Please note: Training Sessions are not included in the Conference price. Sign up now! Check ...
Welcome Address Richard Greenberg Chapter Leader, OWASP Los Angeles. Hi everyone! I am the Chair for AppSec California and the ...
Opening Keynote - Flipping the script: Fighting Advanced Threats at their Software Roots Eric Baize Abstract: For almost two decades, software security practitioners have successfully defined advanced techniques and tools ...
The Best Flaw Didn't Make Into Production Izar Tarandach Security practitioners - the Sisyphus of information technology. We stand with a huge mass of ...
The Only Reason Security Really Matters for DevOps Caroline Wong Abstract: This talk begins by exploring the answer to the question, why does DevOps matter? ...
Authentication without Authentication Omer Levi Hevroni Authentication is important, but how do you authenticate when user interaction is not an option? ...
DevOps Is Automation, DevSecOps Is People Mike Shema Abstract: A lot of appsec boils down to DevOps ideals like feedback loops, automation, and ...
ReproNow - Save time Reproducing and Triaging Security bugs Vinayendra Nataraja, Lakshmi Sudheer Abstract: Crowdsourcing security aka Bug Bounty Programs are adapted by almost all companies today: big, ...
Robots with Pentest Recipes - Democratizing Security Testing Pipelines for DevOps Wins Abhay Bhargav Abstract: Application Security (AppSec) Teams are usually short-staffed. While this is no surprise in itself. ...
Threat Modeling Toolkit Jonathan Marcil Threat Modeling is a great way to analyze security early in software development by structuring ...
Leveraging Cloud SDNs to Solve OWASP Top Ten John Studarus Abstract: Historically, implementing network security controls within a virtualized cloud environment have been difficult to ...
Breaking Fraud & Bot Detection Solutions Mayank Dhiman Abstract: Browser fingerprinting and user behavior tracking are powerful techniques used by most fraud and ...
The Path Of DevOps Enlightenment For InfoSec James Wickett Abstract: Security as we have known it has completely changed. Through challenges from the outside ...
Threat Modeling Panel Adam Shostack, Izar Tarandach, Jonathan Marcil, Haral Tsitsivas, Brook Schoenfield N/A
Decrease Your Stress and Increase Your Reach with Appsec Champions Coleen Coolidge Abstract: Being the only person in the entire company who works the appsec program gets ...
MarkDoom: How I Hacked Every Major IDE in 2 Weeks. Matt Austin Abstract: JavaScript (and HTML) has completely conquered the Web, and now it’s taking over the ...
OWASP Top 10 Andrew Stock Director, OWASP Foundation. Andrew is an in-demand speaker and trainer, with past speaking engagements at ...
SecDevOps: Current Research and Best Practices Clint Gibler Abstract: The last decade has seen widespread changes in how organizations develop and release software. It's ...
Seeing Through the Fog - Navigating the Security Landscape of a Cloud-First World Ben Johnson Abstract: The prospect of the cloud is extremely attractive to many enterprises, so it’s no ...
The Bug Hunters Methodology 2.0 Jason Haddix Abstract: Building on the Bug Hunter's Methodology 1.0 given at Defcon 23, 2.0 brings the ...
Costs of Coding to Compliance Magen Wu, Joel Cardella Abstract: The problem with most compliance, such as PCI, is that when you manage a ...
Edgeguard: Client-side DOM Security - detecting malice - AN Open Framework Eoin Keary, Rahim Jina Abstract: “Project edgeguard” is an open framework that allows you to detect when malicious content ...
How Privacy Violations, Fines and Economic Sanctions Create Darker Opportunities. Christina Kubecka Abstract: Welcome to 2018. Although there’s no flying car in every garage yet. We do ...
Closing Keynote - Digital Disease: How Healthcare Cybersecurity Challenges Can Claim -or Save- Lives Christian quaddi Dameff Abstract: Old “data security first” and HIPAA compliance paradigms in healthcare can’t address the patient ...
Keynote - Prove It! Quantitatively Confronting Security With Data Richard Seiersen Abstract: What would you see occurring that would let you know that your security capabilities are ...
Pack your Android: Everything you need to know about Android Boxing Swapnil Deshmukh Android malware authors may enforce one or a combination of protection techniques like obfuscators, packers ...
Architecting for Security in the Cloud Josh Sokol Abstract: The best part about creating new products and services in the cloud is the ...
Taking on the King: Killing Injection Vulnerabilities Justin Collins Abstract: How do we dismantle the reign of dangerous and prevalent vulnerabilities? "Injection" has crowned the ...
Prevention as a Business Strategy Corey White Abstract: The world of cybersecurity has changed. Cybercriminals target organizations and unleash a torrent of ...
Hunter – Optimize your Pentesters time Kiran Shirali Abstract: Is your pentest report filled with low risk items? Are these projects that you ...
Lessons From The Threat Modeling Trenches Brook Schoenfield Abstract: What wisdom percolates from building threat modeling practices across 4 organizations? This presentation is ...
Security After Death -- Not your problem, or is it? Ty Shipman Abstract: The talk covers practical solutions to storing passwords and secure ways to share those ...
What's new in TLS 1.3 Alex Balducci Abstract: TLS 1.3 is just about here! This talk will cover the more notable ...
Predicting Random Numbers in Ethereum Smart Contracts Arseny Reutov Abstract: Smart contracts are not only about ICOs - various lotteries, roulettes and card games are ...
Panel: Women in Security Caroline Wong, Christina Kubecka, Magen Wu, Coleen Coolidge, Kayva Pearlman N/A
A Tour of API Underprotection Skip Hovsmith Abstract: Effective API protection is a growing concern, reflecting the popularity of RESTful Web APIs ...
Where, how, and why is SSL traffic on mobile getting intercepted? A look at ten million real-world SSL incidents Alban Diquet Abstract: Over the last two years, we've received and analyzed more than ten million SSL ...
European Vacation - Leveraging GDPR for Security Anthony Trummer Abstract: Our friends across the pond, love their privacy. Makes you wonder what they're up ...
Applied Deception Beyond the Honeypot: Moving Past 101 Robert Wood Abstract: Conflict in cyberspace moves quickly, is primarily asynchronous and can be carried out by ...
Unpoisoned Fruit: Seeding Trust into a Growing World of Algorithmic Warfare Davi Ottenheimer Abstract: Artificial Intelligence, or even just Machine Learning for those who prefer organic, is influencing ...
We Come Bearing Gifts: Enabling Product Security with Culture and Cloud Patrick Thomas, Astha Singhal Abstract: What would it look like if security never had to say “no”? This talk explores ...
Closing Keynote - A free, fair and open internet is a process, not a product. Cory Doctorow Abstract: We're never going to be finished with the great work of securing the internet, ...