OWASP AppSec EU 2013, July 22-23, 2013, Hamburg, Germany

Title | Speakers | Summary (no Topic Types were listed for any session)

Welcome note and a manual for the conference and everything else | Dirk Wetter | This is just a short introduction for giving you all the necessary input for making ...
Keynote: Busting The Myth of Dancing Pigs: Angela's Top 10 list of reasons why users bypass security measures | Angela Sasse | In this talk, I will examine the most common reasons why users shortcut security measures, ...
Automated and unified opensource web application testing | Daniel García García, Mario Vilas | GoLismero is an open-source framework for security testing. The most interesting features of the framework: ...
OWTF Summer Storm | Abraham Aranguren | OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused attempt to unite great tools ...
WebSensor - Sensing the Web with Community Collectors | Christian Bockermann | A huge barrier in web security research is the availability of research data. Web traffic ...
Keynote: Cryptography in Web Security: Stupid, Broken, and maybe Working? | Jörg Schwenk | N/A
Experience made in Technical Due Diligence | Amir Alsbih | Acquisitions are a way for companies to grow and enlarge their possibilities and portfolio. As ...
Qualitative Comparison of SSL Validation Alternatives | Michael Brenner, Henning Perl, Matthew Smith, Sascha Fahl | Although SSL/TLS is in widespread use today, certificate validation currently suffers from the weakest link ...
Rooting your internals: Inter-Protocol Exploitation, custom shellcode and BeEF | Michele Orru | Inter-protocol exploitation removes browser-based attacks from being dependent upon browser vulnerabilities. It increases the number ...
OWASP - CISO Guide and CISO report 2013 for managers | Tobias Gondrom | This talk will present two new OWASP projects, the CISO guide and the first results ...
Recipes for enabling HTTPS | Nelis Boucké, Thomas Herlea, Johan Peeters | Securely enabling HTTPS turns out to be tricky and time consuming. There is the considerable ...
Precision Timing - Attacking browser privacy with SVG and CSS | Paul Stone | Maybe you've heard it before - HTML 5 brings a whole slew of new features ...
A Perfect CRIME? Only time will tell | Tal Be'ery | In 2012, security researchers shook the world of security with their CRIME attack against the ...
From the Trenches: Real-World Agile SDLC | Chris Eng, Ryan O'Boyle | Ideally, all organizations would incorporate security into their Agile development processes; however, best-practices Agile SDL ...
Burp Pro - Real-life tips and tricks | Nicolas Gregoire | A lot of services are provided through the Web. Pentesters are spending a lot of ...
Make cryptography trivial by rearranging the tools. | Guido Witmond | Eccentric Authentication is an authentication protocol that places end user anonymity, privacy and ease of ...
sqlmap - Would you like to inject some SQL? | Miroslav Stampar | sqlmap is an open source penetration testing tool that automates the process of detecting and ...
ThreadFix: The Open Source Software Vulnerability Management Platform | Dan Cornell | ThreadFix is a software vulnerability aggregation and management system that helps organizations coordinate scanning activities, ...
MalloDroid, Hunting Down Broken SSL in Android Apps | Matthew Smith, Sascha Fahl, Marian Harbach | In a study [1], we investigated the SSL/TLS security of 13,500 free Android apps from ...
OWASP Top 10 Proactive Controls | Jim Manico | The major cause of web insecurity is poor development practices. We cannot "firewall" or "patch" ...
Augmented Reality in your Web Proxy | Roberto Suggi Liverani | This talk intends to demonstrate how to improve web application security testing by combining browser ...
Content Security Policy - the panacea for XSS or placebo? | Taras Ivashchenko | Content Security Policy (CSP) is the mechanism to mitigate one of the most popular web ...
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations | Robert Mcardle, Marco 'embyte' Balduzzi, Vincenzo Ciangaglini | Over the past several years there has been a noticeable rise in the number of ...
XSS Horror Show | Gareth Heyes | My talk is about XSS techniques you have never heard of. In the last few ...
Improving the Security of Session Management in Web Applications | Lieven Desmet, Frank Piessens, Wouter Joosen, Philippe de Ryck | Session management is a critical component of modern web applications, allowing a server to keep ...
Security Testing Guidelines for mobile Apps | Johannes Stroeher, Florian Stahl | Smartphones and tablets increasingly become part of our everyday life. Apps of all kinds assist ...
Matryoshka | Eduardo Vela | In recent years some people have taken the task to try and fix web security. ...
A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks | Joachim Posegga, Bastian Braun, Christian V. Pollak | Modern web applications frequently implement complex control flows, which require the users to perform actions ...
Cracking and Analysis of the Mobile Application Source Code | Sreenarayan Ashokkumar | Learn how any Mobile Expert aims to crack the application open and then perform line ...
The innerHTML Apocalypse - How mXSS attacks change everything we believed to know so far | Mario Heiderich | This talk introduces and discusses a novel, mostly unpublished technique to attack websites that are ...
OWASP Projects session | Simon Bennetts | The OWASP Project Session is a 2 hour meeting and workshop that aims to bring ...
Keynote: Secure all the things: fiction from the Web's immediate future | Thomas Roessler | While we declare victory or defeat on yesterday's security challenges, the Web is moving on ...
OWASP Hackademic Challenges | Konstantinos Papapanagiotou | The Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users ...
OWASP O2 Platform | Dinis Cruz | N/A
WS-Attacker | Juraj Somorovsky, Christian Mainka | WS-Attacker is a modular framework for web services penetration testing. It is a free and ...
Q-Box and H-Box: Raspberry PI for the Infrastructure and Hacker | Fred Donovan | This is a presentation/demonstration of utilizing Raspberry Pi to create two products hailed as the ...
Securing a modern JavaScript based single page web application | Erlend Oftedal | Modern web apps are often single page web apps. The heavy HTML-generating backend is replaced ...
Web Fingerprinting: How, Who, and Why? | Nick Nikiforakis | The web has become an essential part of our society and is currently the main ...
Insane in the IFRAME -- The case for client-side HTML sanitization | David Ross | Server-side HTML sanitization is a familiar web application building block, yet despite years of offensive ...
Making Security Tools accessible for Developers | Yvan Boily | Minion: In late 2012 Mozilla released the first iteration of Minion, an open source security testing ...
Making the Future Secure with Java | Milton Smith | The world is not the same place it was when Java started. It's 2013, and ...
Javascript libraries (in)security: A showcase of reckless uses and unwitting misuses | Stefano Di Paola | Client side code is a growing part of the modern web and those common patterns ...
In an Agile, fast-paced environment with frequent and multiple product releases, security code reviews & testing are usually considered to be a delaying factor that conflicts with success. | Dave Wichers | Is it possible to keep up with the high-end demands of continuous integration and deployment ...
OWASP ZAP Innovations | Simon Bennetts | The Zed Attack Proxy is one of the most popular OWASP projects, and has an ...
Clickjacking Protection Under Non-trivial Circumstances | Ben Stock, Sebastian Lekies | An important and timely attack technique on the Web is Clickjacking (also called UI redressing), ...
Do You Have a Scanner or a Scanning Program? | Dan Cornell | By this point, most organizations have acquired at least one code or application scanning technology ...
WAFEC - content and history of an unbiased project challenge | Ofer Shezaf, Achim Hoffmann | The Web Application Firewall Evaluation Criteria was initially released in 2006 by the Web Application ...
An Alternative Approach for Real-Life SQLi Detection | Reto Ischi | SQL injection vulnerabilities have been known for at least 15 years and still belong to the ...
Introducing OWASP OWTF 5x5 | Abraham Aranguren | Background: The Offensive (Web) Testing Framework (aka OWTF) is a free and open-source OWASP+PTES-focused tool. ...
Origin Policy Enforcement in Modern Browsers | Frederik Braun | The Same Origin Policy is the foremost security policy in all browsers. Like most browser ...
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome extensions | Krzysztof Kotowicz | Browser extensions can let you easily make notes, entertain you with a game, or take ...
OWASP AppSensor – In Theory, In Practice and In Print | Dennis Groves, Colin Watson | The AppSensor Project defines the concept of application-specific real time attack detection and response. Begun ...
OWASP Hackademic: a practical environment for teaching application security | Konstantinos Papapanagiotou, Spyros Gasteratos | Teachers of Application Security in higher education institutions and universities are presented with some unique ...
New OWASP ASVS 2013 | Sahba Kazerooni | We are excited to announce and share the next version of the OWASP Application Security ...
Sandboxing Javascript | Lieven Desmet, Steven van Acker, Nick Nikiforakis | The inclusion of third-party scripts in web pages is a common practice. In this talk, ...
The SPaCIoS Tool: property-driven and vulnerability-driven security testing for Web-based application scenarios | Luca Compagna | In this talk, we present how the SPaCIoS Tool supports security analysts and developers in ...
Closing Note: "Access Control of the Web - The Web of Access Control" | Dieter Gollmann | Many (most?) of the familiar security problems of the Web can be understood as instances ...