AppSecUSA 2015, Sept. 22, 2015 to Sept. 25, 2015, California, USA

Title Speakers Summary Topic Types
The Moral Imperatives and Challenges for Modern Application Security Alex Stamos It is becoming clear that the traditional methods of application security, such as the research-vuln-patch ...
Getting Started with ModSecurity Luca Carettoni, Mukul Khullar In one hour, we will teach you how to install, configure and protect your web ...
Building your own large scale web security scanning infrastructure in 40 minutes Albert Yu, Bishan Kochar There exist a lot of web security scanners and many are doing a decent good ...
Security as Code: A New Frontier Christian Price, Shannon Lietz Companies are quickly racing towards DevOps and Agile to ensure they meet customer demands for ...
WebRTC, or how secure is p2p browser communication? Martin Johns, Lieven Desmet In this presentation, we will provide the OWASP audience the necessary insights in this emerging ...
Securing your application using Docker Diogo Mónica In recent years applications have fundamentally changed, led largely by changing software development practices. These ...
People & Capital - The Fire & Fuel for Chapter Activities Noreen Whysel Meet the Staff - You've read our emails, chatted with us on Slack and heard ...
Blending the Automated and the Manual: Making Application Vulnerability Management Pay Dividends Dan Cornell, Steven Springett DevOps puts an intense focus on automation – taking humans out of the loop whenever ...
Customizing Burp Suite - Getting the Most out of Burp Extensions August Detlefsen, Monika Morrow This presentation will provide an overview of developing extensions for the Burp Suite intercepting proxy. ...
The Inmates Are Running the Asylum – Why Some Multi-Factor Authentication Technology is Irresponsible Clare Nelson Outline: - Define multi-factor authentication - Describe the current state of the technology - Describe ...
Hack the Cloud Hack the Company: the Cloud Impact on Enterprise Security Kevin Dunn iSEC Partners routinely carry out Attacker Modeled Penetration Tests that use any and all means ...
Protecting your Web Application with Content Security Policy (CSP) Martin Johns The basic problem of XSS has been known at least since the year 2000. Nonetheless, ...
A New Ontology of Unwanted Web Automation Colin Watson Web applications are subjected to unwanted automated usage – day in, day out. Often these ...
Practical Timing Attacks using Mathematical Amplification of Time Difference in == Operator Mostafa Siraj Timing attacks are usually undervalued by most web penetration testers. In this presentation, I’ll talk ...
Strengthening the Weakest Link: How to Manage Security Vulnerabilities in Third Party Libraries Used by Your Application Krishnan Dhandapani Organizations are increasingly incorporating open source software into their applications. Leveraging existing software to provide ...
Chimera: Securing a Cloud App Ecosystem with ZAP at Scale Tim Bach One of the biggest challenges in maintaining a cloud application ecosystem with software developed by ...
Security Requirements Identification using the OWASP Cornucopia Card Game Colin Watson OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, ...
Ah mom, why do I need to eat my vegetables? John Pavone Mom had a good reason for you to eat your vegetables; same thing goes with ...
Efficient Context-sensitive Output Escaping for JavaScript Template Engines Nera Liu, Albert Yu, Adonis P.H. Fung Despite being known for more than a decade, Cross-Site Scripting (XSS) vulnerabilities are still very ...
Secure Authentication without the Need for Passwords Don Malloy The recent major hacks at Sony, Target, Home Depot, Chase and Anthem all have something ...
QARK: Android App Exploit and SCA Tool Tushar Dalvi, Tony Trummer Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're ...
Using the OWASP Benchmark to Assess Automated Vulnerability Analysis Tools Dave Wichers The OWASP Benchmark is a test suite designed to evaluate the speed, coverage, and accuracy ...
Sinking Your Hooks in Applications Joe Rozner, Richard Meester Attackers typically have more compute resources and can spend much more time breaking components of ...
Continuous Cloud Security Automation Rohit Pitke Security can be hard to get right. In many organizations, security teams can be relatively ...
Practical Application Security Management - How to Win an Economically one-sided War Dheeraj Bhat Human behavior can be reasonably measured by economic theory. Incentives and Penalties are huge ...
SecureMe – Droid: Android Security Application Vishal Asthana, Abhineet Jayaraj SecureMe – Droid is an Android security application that notifies the user of publicly known ...
Encouraging Diversity and Advancing Cybersecurity Education Elissa Shevinsky, Astha Singhal, Apoorva Giri, Shruthi Kamath Even in male-dominated STEM fields, computer science and security careers stand out for having so ...
Fireside Chat: Tech Companies Tackle AppSec: Successes, Challenges, Battle Scars Jim O'Leary, Alex Garbutt, Matthew Finifter, Scott Behrens, James Dolph N/A
Fireside Chat: The End of SW Security as We Know It; Why This Might be a Good Thing. Josh Corman, Shannon Lietz, Jez Humble N/A
OWASP & More - State of OWASP & OWASP Jeopardy! Josh Sokol, Michael Coates, Jerry Hoff, Tobias Gondrom, Jim Manico OWASP is the largest application security non-profit organization in the world. We have over 200 ...
Cybersecurity Partnership, Technology and Trust Phyllis Schneck The Department of Homeland Security is a critical leader in our nation’s cybersecurity. By helping ...
Security Shepherd Web App Lightning Training Mark Denihan, Paul McCann Want to learn the basics of Web App pen testing? Or would you prefer to ...
Detecting and managing bot activity more efficiently David Senecal Bots, also commonly referred to as scrapers or spiders, are omnipresent on the Internet. Studies ...
Modern Malvertising and Malware web-based exploit campaigns James Pleger The purpose of this presentation will be to introduce the audience to new techniques attackers ...
Future Banks Live in The Cloud: Building a Usable Cloud with Uncompromising Security Rob Witoff Running today’s largest consumer Bitcoin startup comes with a target on your back and requires ...
OWASP Reverse Engineering and Code Modification Prevention Project (Mobile) Jonathan Carter In this hands-on workshop session, Arxan Technical Director Jonathan Carter will show you how to ...
What's in Your Toolbox? - Resources for Engagement Spreading Open, Inviting And Secure? More Resources - Someone's already done the dirty work. The OWASP wiki is filled with ...
Security Testing for Enterprise Messaging Applications Gursev Singh Kalra The training will cover security testing concepts for enterprise messaging applications. An example JMS based ...
Game of Hacks: The Mother of All Honeypots Igor Matlin We created a “Game of Hacks” – a viral Web app marketed as a tool ...
PHP Security, Redefined Chris Cornutt Let’s be honest, PHP has had a rocky history with security. Over the years the ...
The State of Web Application Security in SCADA Web Human Machine Interfaces (HMIs)! Aditya K Sood Human Machine Interfaces (HMIs) are the subsets of the Supervisory Control and Data Acquisition (SCADA) ...
Going Bananas for Cloud Security - Auditing and Monitoring your AWS deployment with security_monkey Patrick Gage Kelley Engineers at Netflix enjoy great freedom to deploy their applications without much interference from the ...
The Bug Hunters Methodology Jason Haddix This is the live and hands on version of Jason's Defcon talk "How to Shot ...
Cisco’s Security Dojo: Raising the Application Security Awareness of 20,000+ Chris Romeo In two years, over twenty thousand Cisco employees and contractors worldwide invested hours over and ...
Cipher Text Says “MIID8zCCAtugAwIBAgIBAT” - Enterprise-wide SSL Automation w/Lemur + CloudCA Kevin Glisson Cipher Text Says “MIID8zCCAtugAwIBAgIBAT” - Enterprise-wide SSL Automation w/Lemur + CloudCA Contact - Kevin Glisson, ...
Doing AppSec at Scale: Taking the best of DevOps, Agile and CI/CD into AppSec. Matt Tesauro, Aaron Weaver How many applications are in your company’s portfolio? What’s the headcount for your AppSec team? ...
Wait, Wait! Don't pwn Me! Jacob West, Josh Corman, Mark S. Miller, Shannon Lietz Test your wits and current AppSec news knowledge against our panel of distinguished guests. In ...
Web Application Security Testing with Fiddler Michael Hidalgo Fiddler Web Debugging Tool is a free tool created by Eric Lawrence and it is ...
AppSensor: Real-Time Event Detection and Response John T. Melton AppSensor is a very active OWASP project that defines a conceptual framework, methodology, guidance and ...
Turtles All the Way Down: Storing Secrets in the Cloud and the Data Center Jack Singleton, Daniel Somerfield, Rosalie-wil Tolentino Getting credential storage right is not easy. You may be using PKI correctly, you may ...
Threat Modeling the IoT Supply Chain Aaron Guzman Internet of Things (IoT) invites different risks and attacks as we are in the process ...
Fireside Chat: How Universities Can Build the Next Generation of Security Engineers Sid Stamm, Matt Bishop N/A
Oh Yes, There is no more root detection for your Android App! - Reversing & Patching Binary Abhinav Sejpal Android is the leading Operating system. It is used not just in Smartphones / Tablet ...
New Methods in Automated XSS Detection: Dynamic XSS Testing without Using Static Payloads Ken Belva For the past 15+ years all major automated XSS detection methods rely on payloads. Payloads ...
Providence: rapid vulnerability prevention Xiaoran Wang, Hormazd Billimoria, Max Feldman One challenging aspect of achieving software security is the struggle to catch up with the ...
ShadowOS: Modifying the Android OS for Mobile Application Testing Ray Kelly Most penetration testers know the headaches of testing mobile applications. Challenges like certificate pinning and ...