AppSec USA 2013 Nov. 18, 2013 to Nov. 21, 2013, New York, USA

Title Speakers Summary Topic Types
OWASP Media Project Introduction Jonathan Marcil The OWASP Media Project is an infrastructure project that gathers, consolidates, and promotes OWASP content ...
Project Summit: OWASP Projects Review Session Johanna Curiel , Samantha Groves During the OWASP Projects Review working session, attendees will be able to participate in the ...
2 Day Pre-Conference Training: Application Cryptanalysis with Bletchley Timothy Morgan Abstract: Use of cryptography permeates today's computing infrastructures. While few programmers attempt to implement sophisticated ...
2 Day Pre-Conference Training: Running A Software Security Program On Open Source Tools Dan Cornell Abstract: Using the Software Assurance Maturity Model (OpenSAMM) as a framework, this course walks through ...
2 Day Pre-Conference Training: Securing Mobile Devices & Applications Dan Amodio , David Lindner Overview: Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, ...
2 Day Pre-Conference Training: The Art of Exploiting Injection Flaws Sumit "sid" Siddharth Overview OWASP rates injection flaws as the most critical vulnerability within the Top 10 most ...
2 Day Pre-Conference Training: Web Application Defender's Cookbook: LIVE Ryan C. Barnett Can you answer these questions? • Are your web applications secure? • Do you know ...
Project Summit: ESAPI Hackathon Session Jeff Williams , Chris Schmidt , Kevin Wall Take part in building the next generation of the Enterprise Security API. In this hackathon ...
OWASP PHP Security and RBAC Projects: An introduction Abbas Naderi The aim of this session is to introduce attendees to both projects, and to get ...
Project Summit: AppSensor 2.0 Hackathon John T. Melton Take part in building the next generation of AppSensor. In this hackathon we will focus ...
Bug Bounty - Group Hack Dinis Cruz , Jeremiah Grossman , Tom Brennan , Simon Roses Femerling , Samantha Groves , Serg Belokamen , Casey Ellis Microsoft, Facebook, OWASP, Google and Paypal crowdsource their security with Bug Bounty programs, join the ...
Project Summit: Mobile Security Session Jack Mannino , Jason Haddix Just as the mobile security landscape has changed, so has the OWASP Mobile Project. Join ...
Project Summit: Training Development Session Konstantinos Papapanagiotou , Martin Knobloch Training is an important part of OWASP's mission as it helps not only in increasing ...
Project Summit: Academies Development Session Konstantinos Papapanagiotou , Martin Knobloch The OWASP Academies program aims to bring together academic institutions from all over the world ...
Hands-on Ethical Hacking: Preventing and Writing Exploits for Buffer Overflows Ralph Durkee An intense 2.5 hours hands-on course where you will find a buffer overflow vulnerability and ...
Let us get this event started! Tom Brennan , Sarah Elizabeth Baso , Israel Bryski , Peter Dean , Kate Hartmann , Kelly Santalucia Presentation will include kick-off with details about the activities that will happen, changes to the ...
Keynote: Computer and Network Security: I Think We Can Win! William R. Cheswick Some think that computer and network security is a lost cause. I have spent forty ...
Keynote: Project Summit: Writing and Documentation Review Session Samantha Groves , Michael Hidalgo OWASP Documentation Projects are a key element in the industry. They are broadly adopted and ...
Hardening Windows 8 apps for the Windows Store Bill Sempf Security and privacy in mobile development has been a topic in the iOS and Android ...
The Perilous Future of Browser Security Robert J. Hansen The tradeoffs required to make a secure browser are often largely poorly understood even amongst ...
Automation Domination Brandon Spruth Building your application security automation program as part of the Software Development Lifecycle (SDLC) with ...
How To Stand Up an AppSec Program - Lessons from the Trenches Joe Friedman We all know the importance of building security into the development of a company’s applications. ...
PANEL: Aim-Ready-Fire Sean Barnum , Ajoy Kumar , Pravir Chandra , Wendy Nather , Suprotik Ghose , Jason Rothhaupt , Ramin Safai Software assurance in the past 5 - 6 years has emerged as the key focus ...
Project Talk: Project Leader Workshop Samantha Groves The Project Leader Workshop is a 45 minute event activity that brings together current and ...
OWASP PCI toolkit Session Johanna Curiel Join us and learn how to help organizations achieve PCI-DSS compliance with OWASP tools & ...
From the Trenches: Real-World Agile SDLC Chris Eng Ideally, all organizations would incorporate security into their Agile development processes; however, best-practices Agile SDL ...
Securing Cyber-Physical Application Software Warren Axelrod Researchers and practitioners have not historically addressed sufficiently the fact that software engineers responsible for ...
Why is SCADA Security an Uphill Battle? Amol Sarwate This talk will present technical security challenges faced by organizations that have SCADA, critical infrastructure ...
Computer Crime Laws - Tor Ekeland, Attorney Tor Ekeland The Computer Fraud and Abuse Act: An Overview The notorious Computer Fraud and Abuse Act ...
Can AppSec Training Really Make a Smarter Developer? John Dickson Most application risk managers agree that training software developers to understand security concepts can be ... IncludeThinkstScapes
Project Talk: OWASP Enterprise Security API Project Chris Schmidt , Kevin Wall ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control ...
All the network is a stage, and the APKs merely players: Scripting Android Applications Daniel Peck The existence of open well defined APIs for many popular websites has been a boon ...
BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors Jason Haddix , Dawn Isabel The toolchain for (binary) iOS application assessment is weak BUT, like an island of misfit ...
Case Study: 10 Steps to Agile Development without Compromising Enterprise Security Yair Rovek In an Agile, fast paced environment with frequent product releases, security code reviews & testing ...
Build but don't break: Lessons in Implementing HTTP Security Headers Kenneth Lee Content Security Policy is a new standard from the WC3 that aims to help stop ...
The Cavalry Is Us: Protecting the public good Nicholas J. Percoco , Joshua Corman Description: In the Internet of Things, security issues have grown well beyond our day jobs. ...
OWASP NIST NSTIC IDecosystem Initiative: Initial Discussion Meeting Bev Corwin N/A
Mantra OS: Because The World is Cruel Greg Disney-Leugers OWASP Mantra OS was developed under the mantra of “OWASP because the world is cruel”; ...
HTML5: Risky Business or Hidden Security Tool Chest? Johannes Ullrich The term "HTML5" encompasses a number of new subsystems that are currently being implemented in ...
A Framework for Android Security through Automation in Virtual Environments Parth Patel This session introduces a practical approach to securing Android applications through an automated framework. The ...
2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs Marco M. Morana , Tobias Gondrom As an organization born from grassroots ideals and volunteering efforts that started 12 years ago ...
PANEL: Privacy or Security: Can We Have Both? Steven Rambam , Jim Manico , Jeff Fox , Joseph Concannon , James Elste , Amy Neustein , Jack Radigan Often confused with each other, security and privacy are both interdependent (privacy generally requires robust ...
Project Talk: OWASP OpenSAMM Project Dinis Cruz , Pravir Chandra , Seba Deleersnyder , Michael Hidalgo The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and ...
Javascript libraries (in)security: A showcase of reckless uses and unwitting misuses. Stefano Di Paola Client side code is a growing part of the modern web and those common patterns ...
Revenge of the Geeks: Hacking Fantasy Sports Sites Dan Kuykendall In this talk, I’ll show how all my IT security geek friends in the OWASP ...
What You Didn't Know About XML External Entities Attacks Timothy Morgan The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. ...
"What Could Possibly Go Wrong?" - Thinking Differently About Security Mary Ann Davidson Almost all security professionals have one or more headshaking security stories caused by everything from ...
PANEL: Cybersecurity and Media: All the News That's Fit to Protect? Space Rogue , Dylan Tweney , Michael Carbone , Rajiv Pant , Gordon Platt , Nico Sell It's no longer possible to be in the news media without being security savvy. Edward ...
Project Talk: The OWASP Education Projects Konstantinos Papapanagiotou , Martin Knobloch The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project ...
Advanced Mobile Application Code Review Techniques Sreenarayan A Advanced Mobile Application Code Review Techniques Abstract: Learn how Mobile experts blend their techniques in ...
OWASP Zed Attack Proxy Simon Bennetts The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. It ...
Pushing CSP to PROD: Case Study of a Real-World Content-Security Policy Implementation Brian Holyfield , Erik Larsson Widespread adoption of Content Security Policy (CSP) by most modern browsers has led many organizations ...
Making the Future Secure with Java Milton Smith The world is not the same place it was when Java started. It’s 2013, and ...
PANEL: Mobile Security 2.0: Beyond BYOD Jason Rouse , Stephen Wellman , Devindra Hardawar , Daniel Miessler BYOD has moved quickly from technology concept to business reality. Today's workers bring the mobile ...
Project Talk: OWASP Security Principles Project Dennis Groves The OWASP Security Principles Project aims to distill the fundamentals of security into a set ...
OWASP Top Ten Proactive Controls Jim Manico You cannot hack your way secure! The OWASP Proactive Controls is a "Top 10 like ...
Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud) Tsvika Klein , Ory Segal Presentation Title: "Big Data Intelligence" Subtitle: "Harnessing Petabytes of WAF statistics to Analyze & Improve ...
Forensic Investigations of Web Exploitations Ondrej Krehel Investigation of hacking incidents often requires a combined effort of different technologies. Evidence and forensics artifacts ...
Sandboxing JavaScript via Libraries and Wrappers Phu H. Phung The large majority of websites nowadays embed third-party JavaScript into their pages, coming from external ...
Tagging Your Code with a Useful Assurance Label Sean Barnum , Robert Martin With so many ways for software to be vulnerable, businesses need a way to focus ...
Healthcare Security Forum Amy Neustein , Judith Fincher N/A
OWASP Jeopardy Jerry Hoff This interactive activity will be a fun filled event where top security professionals will get ...
UNION SELECT `This_Talk` AS ('New Exploitation and Obfuscation Techniques’)%00 Roberto Salgado This talk will present some of the newest and most advanced optimization and obfuscation techniques ...
Defeating XSS and XSRF using JSF Based Frameworks Stephen Wolf During several recent code review engagements, I have discovered that developers sometimes gain a feeling ...
Contain Yourself: Building Secure Containers for Mobile Devices Ronald Gutierrez In today's world, everyone wants access to information from his or her personal mobile device. ...
Mobile app analysis with Santoku Linux Hoog Andrew Did you think there were a lot of mobile devices and platforms out there? Check ...
AppSec at DevOps Speed and Portfolio Scale Jeff Williams Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, ... IncludeThinkstScapes
Project Summit: ZAP Hackathon Session Simon Bennetts This session is a chance for people to learn how to work on ZAP from ...
iOS Application Defense - iMAS Gregg Ganley iOS application security can be *much* stronger and easy for developers to find, understand and ...
PiOSoned POS - A Case Study in iOS based Mobile Point-of-Sale gone wrong Mike Park Mobile Point of Sale (POS) are becoming more and more common in a wide variety ...
Accidental Abyss: Data Leakage on The Internet Kelly Fitzgerald PII is personally identifiable information. In the information age, seemingly useless bits of PII can ...
Leveraging OWASP in Open Source Projects - CAS AppSec Working Group David Ohsie , Bill Thompson , Aaron Weaver The CAS AppSec Working Group is a diverse volunteer team of builders, breakers, and defenders ...
Project Talk and Training: OWASP O2 Platform Dinis Cruz The O2 platform represents a new paradigm for how to perform, document and distribute Web ...
OWASP Hackademic: a practical environment for teaching application security Konstantinos Papapanagiotou Teachers of Application Security in higher education institutions and universities are presented with some unique ...
An Introduction to the Newest Addition to the OWASP Top 10. Experts Break-Down the New Guideline and Offer Guidance on Good Component Practice Ryan Berg Experts in the field of application security and open source software development discuss the new ...
Verify your software for security bugs Simon Roses Femerling Verification is an important phase of developing secure software that is not always addressed in ...
The State Of Website Security And The Truth About Accountability and “Best-Practices” Jeremiah Grossman Whether you read the Verizon Data Breach Incidents Report, the Trustwave Global Security Report, the ...
Insecure Expectations Matt Konda Many developers rely on tests or specs (with expectations) to verify that our code is ...
OWASP Periodic Table of Elements James Landis After 25 years of software engineering since the first Internet worm was written to exploit ...
Application Security: Everything we know is wrong Eoin Keary The premise behind this talk is to challenge both the technical controls we recommend to ... IncludeThinkstScapes
PANEL: Women in Information Security: Who Are We? Where Are We Going? (Salon 1 & 2) Joan Goodchild , Dawn-Marie Hutchinson , Gary Phillips , Carrie Schaper , Valene Skerpac N/A
Project Talk: OWASP Testing Guide Matteo Meucci , Andrew Mueller This project’s goal is to create a “best practices” web application penetration testing framework which ...
Hack.me: a new way to learn web application security Armando Romeo The Hack.me (https://hack.me) project is a worldwide, FREE for all platform where to build, host ...
Hacking Web Server Apps for iOS Bruno Since the iPhone has been released, people have been trying to figure out different ways ...
How to promote your chapter and increase attendance. This session will review different methods of promotion for your chapter all aimed at increasing meeting attendance. Topics will include social med Kate Hartmann N/A
NIST - Missions and impacts to US industry, economy and citizens Matthew Scholl , James St. Pierre Title: The US National Institute of Standards and Technology (NIST), Information Technology Lab (ITL). What ...
PANEL: Wait Wait... Don't Tell Me Software Security Chris Eng , Space Rogue , Josh Corman , Mark S. Miller N/A
Project Talk: OWASP Development Guide Andrew Stock The Development Guide is aimed at architects, developers, consultants and auditors and is a comprehensive ...
Project Summit: Open SAMM Session Seba Deleersnyder OWASP Software Assurance Maturity Model (SAMM) is an open framework to help organizations start and ...
Buried by time, dust and BeEF Michele Orru For those who do not listen to Mayhem and black metal, the talk title might seem ...
Go Fast AND Be Secure: Eliminating Application Risk in the Era of Modern, Component-Based Development Jeff Williams , Ryan Berg Organizations are exposed to significant risks caused by their increasing reliance on open-source components. Component ...
Modern Attacks on SSL/TLS: Let the BEAST of CRIME and TIME be not so LUCKY Shawn Fitzgerald , Pratik Guha Sarkar SSL/TLS is the core component for providing confidentiality and authentication in modern web communications. Recent ... SSL IncludeThinkstScapes
OWASP Broken Web Applications (OWASP BWA): Beyond 1.0 Chuck Willis The OWASP Broken Web Applications (OWASP BWA) Project produces a free and open source virtual ...
Vendor relationships Sarah Elizabeth Baso Vendors are not the bad guys. This session will include a lively discussion on vendor ...
Project Talk: OWASP AppSensor Dennis Groves The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement ... IncludeThinkstScapes
HTTP Time Bandit Vaagn Toukharian HTTP Time Bandit While web applications have become richer to provide a higher level user ...
Wassup MOM? Owning the Message Oriented Middleware Gursev Singh Kalra Message Oriented Middleware (MOM) allows disparate applications to communicate with each other by exchanging information ...
The 2013 OWASP Top 10 Dave Wichers The OWASP Top 10 has become the de facto standard for web application security and is ...
CSRF: not all defenses are created equal Ari Elias-Bachrach CSRF is an often misunderstood vulnerability. The standard way to protect against it is by ...
Project Talk: OWASP Code Review Guide Larry Conklin The Code Review Guide focuses on secure code reviews and tools that aim to support ...
Silk, Webservers, Exploits and RATz by M4v3r1ck Yuri Limited Capacity seats available Disclaimer: If you have trigger issues -- please do not attend ...