OWASP Appsec 2010 Nov. 8, 2010 to Nov. 11, 2010, Washington DC, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Assessing And Exploiting Web Applications With Samurai-Wtf | Mike Poor , Justin Searle | Course Length: 2 Days Come take the official Samurai-WTF training course given by one of ... | Workshops |
Leading An Appsec Initiative | Anonymous Speaker , Luciano Bello | Today, every business function relies on custom software applications. These applications are typically built under ... | Workshops |
Remote Testing For Common Web Application Security Threats | David Rhoades | The proliferation of web-based applications has increased the enterprise's exposure to a variety of threats. ... | Workshops |
The Art Of Exploiting Sql Injections | Sumit Siddharth | | Workshops |
Webappsec.Php: Developing Secure Web Applications | | Web applications are the new frontier of widespread security breaches. This tutorial will guide through ... | |
Java Security Overview | Zoltán Hornák | The course on one hand introduces the basic security solutions provided by the Java language ... | Workshops |
Threat Modeling Express | Rohit Sethi | | Workshops |
Software Security Remediation: How To Fix Application Vulnerabilities | Dan Cornell | This class teaches attendees how to fix security vulnerabilities in existing software. It provides a ... | Workshops |
Appsec Dc 2010 Keynote | Neal Ziring | | Keynote |
Python Basics For Web App Pentesters | Justin Searle | Take a break from those talks that overstimulate your brain with cool technical details but ... | Web Application Security |
Drive By Downloads: How To Avoid Getting A Cap Popped In Your App | Neil Daswani | Which browser do you claim? What color is your screen-saver? It is a world wide ... | Web Application Security Statistics Intrusion Prevention |
Secure Code Review: Enterprise Metrics | Anonymous Speaker | Developers in large organizations are experiencing a move to a more holistic centralized management of ... | Others Security |
Cyber-Assurance Ecosystem - Automation Activities For Securing The Enterprise | Joe Jarzombek | Whether you manage internal development activities, work with third party developers or are developing a ... | Security Exploitation Cyberwar |
White And Black Box Testing Of Lotus Domino Applications | Ari Elias-Bachrach , Casey Pike | IBM’s Lotus Domino is a unique server platform which requires a unique procedure for both ... | Security Application Security SQL |
Protecting Federal Government From Web 2.0 Application Security Risks | Anonymous Speaker | Social Media and Web 2.0 technologies - such as blogs, podcasts, web chat, Facebook, Twitter, ... | Security Web Risk Web Security Social Media |
Measuring Security: 5 Kpis For Successful Web App Security Programs | Rafal Los | Modern enterprises recognize the need to test their web applications for security vulnerabilities, but few ... | Security Web Application Security Web Security Compliance |
Security Risk And The Software Supply Chain | Karen Mercedes Goertzel | A critical aspect of the U.S. government’s effectiveness is the dependability, trustworthiness, and survivability of ... | Security Others Risk |
Pen Testing With Iron | Andrew Wilson | By taking advantage of the new Dynamic Language Runtime (DLR) from Microsoft, many challenges in ... | Application Security |
Providing Application-Level Assurance Through Dnssec | Suresh Krishnaswamy | The base DNS specification has certain security vulnerabilities that, with recent findings, makes it even ... | Security Web DNS |
H.....T.....T....P.......P....O....S....T | Tom Brennan , Onn Chee | Denial-Of-Service is an attempt to make a computer resource unavailable to its intended users and ... | Security Web |
Understanding How They Attack Your Weaknesses: Capec | Sean Barnum | By learning to think more like attackers, we gain a better understanding of how to ... | Security Analysis |
Hacking Oracle From Web Apps | Anonymous Speaker | This talk will focus on exploiting SQL injections in web applications with Oracle back-end and ... | Security Web SQL |
Guardrails: A Nearly Painless Solution To Insecure Web Applications | Anonymous Speaker | With web applications continuing to grow in popularity and frameworks becoming simpler to use, creating ... | Web Application Security |
Framed! Security-Patching Common Web Development Frameworks | Rafal Los , Joshua Abraham | Developers don’t write insecure code on purpose, they simply work with tools they’re given to ... | Security Infrastructure Web Application Security |
Wxf: Web Exploitation Framework | Ken Johnson | The web application security field has seen a large expansion in the last decade. In ... | Security Web Application Security |
The Strengths Of Combining Code Review With Application Penetration Testing | Dave Wichers | The strengths of manual code review in finding vulns (using the Top 10 as the ... | Security Web Application Security Compliance |
Dealing With Web Application Security, Regulation Style | Andrew Weidenhamer | The fact that many organizations don't perform security unless they have to, significantly contributes to ... | Security Web Application Security Compliance |
Ensuring Software Assurance Process Maturity | Edmund Wotring | All organizations—government and commercial—have a growing awareness of the need for an ongoing software assurance ... | Security Compliance |
Pen-Test Panel | Joshua Abraham , Matthew Fisher , Ken Johnson , Kevin Johnson | | Panel |
Botnet Resistant Coding: Protecting Your Users From Script Kiddies | Peter Greko , Fabian Rothschild | Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus’s availability ... | Security Development Botnets |
Owasp Broken Web Applications Project Update | Chuck Willis | At AppSecDC in 2009, the OWASP Broken Web Applications (OWASP BWA) Project was announced and ... | Security Web Application Security |
People, Process, And Technology: Owasp Impact On The Swa Processes And Practices Working Group | Michele Moss | Application security is an evolving field, and one that gets more complex each day as ... | Security Community |
Closing The Gap: Analyzing The Limitations Of Web Application Vulnerability Scanners | Anonymous Speaker | | Security Web Application Security |
Using Misuse Cases To Articulate Vulnerabilities To Stakeholders | Anonymous Speaker | | Security |
Using Misuse Cases To Articulate Vulnerabilities To Stakeholders | Scott Mendenhall | The stakeholders of a web application often do not have specific knowledge regarding particular vulnerabilities. ... | Security Analysis |
The Web Hacking Incident Database (Whid) Report | Ryan Barnett | The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to ... | Security Web Application Security |
Federal Perspectives On Application Security | Anonymous Speaker | The panel will discuss application security in the Federal sector and prospects for change, including ... | Panel |
Appsec Dc 2010 | Ron Ross | | Keynote |
Hacking Sap Businessobjects | Joshua Abraham | Business intelligence is a multi-billion industry. At the top of the product food chain is ... | Security Business |
Cloudy With A Chance Of Hack! | Lars Ewe | Cloud computing is a cost effective and efficient way for enterprises to automate their processes. ... | Security Cloud |
Don't Judge A Website By Its Icon - Read The Label! | Jeff Williams | The software market is broken - at least as far as security is concerned. When ... | Security Web |
Application Portfolio Risk Ranking: Banishing Fud With Structure And Numbers | Dan Cornell | Far too often application security decisions are made in an ad hoc manner and based ... | Security Application Security |
Deconstructing Coldfusion | Chris Eng | ColdFusion is a somewhat forgotten but still very prevalent web application development platform. This presentation ... | Security Web |
Declarative Web Security | Brandon Sterne | The Web faces a host of well-known but persistent threats: XSS, CSRF, MITM, Phishing, Clickjacking, ... | Security Web Application Security |
The Secure Coding Practices Quick Reference Guide | Keith Turpin | Introducing a new OWASP project, "The Secure Coding Practices Quick Reference Guide". The guide is ... | Security Compliance |
Code Reviewing Strategies | Andrew Wilson | Looking at the source of an application that's over 100k lines of code can be ... | Security Compliance |
Friendly Traitor 2 Features Are Hot But Giving Up Our Secrets Is Not! | Mike Poor , Kevin Johnson | In Friendly Traitor 2, Kevin Johnson and Mike Poor continue to explore the risks and ... | Security Exploitation |
Exploiting The Media For Fun And Profit. Analysis Of A New Type Of Web Application Attacks Through Media Files | Aleksandr Yampolskiy | As the criminals adapt, they look for new ways to distribute malware. This talk will ... | Security Social Media |
Open Source Web Entry Firewall | Ivan Butler | What makes the difference between a web application firewall and a web entry server? Learn ... | Security Web Firewall |
Microsoft's Security Development Lifecycle For Agile Development | Anonymous Speaker | Many development and security teams believe Agile development cannot be accomplished securely. During this presentation, ... | Security Development |
Hacking .Net Applications At Runtime: A Dynamic Attack | Jon McCoy | Increasingly desktop applications are created in .NET with C#, VB.NET, MC++, F#... by both small ... | Application Security |
Life In The Clouds: A Service Provider's View | Michael Smith | Even though IT managers have been pushing towards cloud computing in recent years, people are ... | Security Cloud |
Solving Real World Problems With Esapi | Anonymous Speaker | A great deal of work has gone into aggregating statistics and information about security vulnerabilities ... | Security Analysis |
Financial Services Panel | Jerry Kickenson , Joe Bernik , Mahi Dontamsetti , Thien La , Ajoy Kumar | | Panel |
Attack Detection And Prevention With Owasp Appsensor | Colin Watson | OWASP AppSensor defines a conceptual framework, methodology and guidance to implement intrusion detection and automated ... | Security Web Application Security |
Social Zombies Gone Wild: Totally Exposed And Uncensored | Kevin Johnson , Tom Eston | Geolocation technology has significantly evolved over the years. Early use began with simple IP lookups ... | Security Social Media |
Javasnoop: How To Hack Anything Written In Java | Anonymous Speaker | Anybody who has assessed anything with a thick Java client has probably been frustrated beyond ... | Security Web Application Security |
Unlocking The Toolkit: Attacking Google Web Toolkit | Ron Gutierrez | The Google Web Toolkit (GWT) provides developers with a framework to easily create Rich Internet ... | Security Web Exploitation |
Smart Phones With Dumb Apps: Threat Modeling For Mobile Applications | Dan Cornell | Enterprises are targeting both internal users and customers with smartphone applications for platforms such as ... | Mobile Security Android Security Exploitation |
Owasp Modsecurity Core Rule Set | Ryan Barnett | This project just recently achieved Release Quality status as an OWASP Project. http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project This presentation ... | Security Others |
Implementing A Secure Software Development Program | Anonymous Speaker | In this presentation I will discuss how the Library of Congress has implemented their Secure ... | Security Development |
Constricting The Web: Offensive Python For Web Hackers | Anonymous Speaker | It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, ... | Security Web Network Penetration |
Threats From Economical Improvement | Eduardo Neves | Baseline projections from Goldman Sachs envisage the BRICs overtaking the US by 2018. In terms ... | Security Analysis |
Owasp Esapi Swingset | Fabio E Cerullo | The ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users ... | Security Web Application Security |
The Unintended Consequences Of Beating Users With Carrot Sticks: Radical Thoughts On Security Reform | Ben Tomhave | What we're doing today is not working and isn't sustainable. The fundamental culture of the ... | Security Analysis |