AppSecUSA 2012, Oct. 22 to Oct. 26, 2012, Austin, USA

| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| KEYNOTE: Infosec at Ludicrous Speed: Rugged DevOps and More... | Gene H. Kim | Information security is rightly afraid of being marginalized: it has already happened. With the ... | Security |
| Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements | John Benninghoff | Behavioral Security Modeling (BSM), first presented at AppSec USA 2011 in Minneapolis, was conceived as ... | Security |
| Top Ten Web Defenses | Jim Manico | We cannot hack or firewall our way secure. Application programmers need to learn to code ... | Security |
| Mobile Applications & Proxy Shenanigans | Dan Amodio, David Lindner | With over 5 billion mobile devices presently in use, mobile applications enable new threats and ... | |
| Reverse Engineering Secure HTTP APIs With An SSL Proxy | Alejandro Caceres, Mark Haase | The proliferation of mobile devices has led to increased emphasis on native applications, such as ... | |
| Gauntlt: Rugged by Example | Jeremiah Shirk, Mani Tadayon, James Wickett | "Be Mean to Your Code" is the concept behind the ruggedization framework called Gauntlt (pronounced ... | |
| Building a Web Attacker Dashboard with ModSecurity and BeEF | Ryan C. Barnett | The Browser Exploitation Framework (BeEF) Project is extremely popular with application pentesters as it is ... | Security |
| Secure Code Reviews: Magic or Art? A Simplified Approach to Secure Code Reviews | Sherif Koussa | Secure Code Review: Magic or Art? A Simplified Approach to Secure Code Review. Secure code ... | Security |
| Cracking the Code of Mobile Application | Sreenarayan Ashokkumar | Learn how any mobile expert aims to crack the application open. While testing / reviewing ... | Security |
| Hacking .NET Application: Reverse Engineering 101 | Jon McCoy | This speech will focus on Reverse Engineering and Evaluations of .NET Framework Desktop Software. I ... | Security |
| Doing the unstuck: How Rugged cultures drive Biz & AppSec Value | Josh Corman | Rugged Software was an attempt to get application security unstuck and beyond the .0001% who ... | Security |
| KEYNOTE: Securing JavaScript | Douglas Crockford | The Web platform is hopelessly insecure, yet surprisingly, JavaScript can be transformed into a secure ... | Security |
| Hacking with WebSockets | Vaagn Toukharian | HTML5 isn't just for watching videos on your iPad. Its features may be the target ... | Security |
| AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life | Jerry Hoff | One of the most vital pieces of a secure SDLC is security training, not only ... | Security |
| Bug Bounty Programs | Michael Coates, Chris Evans, Alex Rice, Jeremiah Grossman, Adam Mein | N/A | Panel IncludeThinkstScapes Bug Bounty |
| How we tear into that little green man | Matthew Rowley | Mobile applications are a part of every person's and every organization's life. The potential for ... | Security |
| Put your robots to work: security automation at Twitter | Neil Matatall, Justin Collins, Alex Smolen | With daily code releases and a growing infrastructure, manually reviewing code changes and protecting against ... | |
| Exploiting Internal Network Vulns via the Browser using BeEF Bind | Michele Orru | Browser exploits are a primary attack vector to compromise a victim's internal network, but they ... | Security |
| Demystifying Security in the Cloud: AWS Scout | Jonathan Chittenden | The scale and variety of Amazon Web Services (AWS) has created a constantly changing landscape. ... | Security |
| I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST | Ofer Maor | Until recently, SAST/DAST dominated the application security testing market, each with its own pros and ... | Security |
| The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension) | Shay Chen | Information disclosure has always been a boon to hackers. The crown jewel of information disclosure, ... | Security |
| Rebooting (secure) software development with continuous deployment | Nick Galbreath | If we are ever going to get ahead of the whack-a-mole security vulnerability game, we, ... | Security |
| WTF - WAF Testing Framework | Yaniv Azaria, Amichai Shulman | We will be presenting a new approach to evaluating web application firewall capabilities that is ... | |
| Cross Site Port Scanning | Riyaz Walikar | Several web applications provide functionality to pull data from other Internet-facing web applications for ... | Security |
| Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods | Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attacks such as Cross-Site Scripting, HTTP header injection, and SQL injection take advantage of weaknesses ... | |
| Analyzing and Fixing Password Protection Schemes | John Steven | In this talk jOHN takes apart password protection schemes, analyzing the attack resistance of hashes, ... | Security |
| DevOps Distilled: The DevOps Panel at AppSec USA | David Mortman, Gene H. Kim, Josh Corman, Nick Galbreath, James Wickett | DevOps is the rage these days, but what does it really mean and what does ... | |
| KEYNOTE: The State of OWASP | Michael Coates, Eoin Keary, Tom Brennan, Seba Deleersnyder, Matt Tesauro, David Wichers | Come hear about the State of OWASP from the OWASP Board. | |
| KEYNOTE: Some Lessons from the Trenches | Michael Howard | During the last year, Michael has moved from working with internal Microsoft product groups, such ... | Introductory IncludeThinkstScapes Industry News |
| Payback on Web Attackers: Web Honeypots | Simon Roses Femerling | Honeypots have played a key role as a defensive technology for a long time in ... | Security |
| Spin the bottle: Coupling technology and SE for one awesome hack | David Kennedy | Social engineering is nothing new. From the dawn of man, social engineering has been an avenue to ... | Security |
| Incident Response: Security After Compromise | Richard Bejtlich | Too often security and IT professionals believe that once a system is compromised, security has ... | Security |
| Effective approaches to web application security | Zane Lackey | This presentation will focus on new and interesting approaches to web application security problems posed ... | Security |
| Why Web Security Is Fundamentally Broken | Jeremiah Grossman | Most people are disturbed when they witness just how much of their personal information is ... | Security |
| The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems | Josh Sokol, Dan Cornell | Throw out everything that you know about security tools today. No more six-figure appliances that ... | |
| Blended Threats and JavaScript: A Plan for Permanent Network Compromise | Phil Purviance | This is a version of the talk I gave at Black Hat USA 2012, updated ... | Security |
| Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards | Juan Perez-Etchegoyen, Jordan Santarsieri | Siebel and JDE platforms are a core part of our global business-critical infrastructure. Our credit ... | |
| Hack your way to a degree: a new direction in teaching application security at universities | Konstantinos Papapanagiotou | Teachers of application security in higher education institutions and universities are presented with some unique ... | Security |
| The Same-Origin Saga | Brendan Eich | I created what became known as the browser "Same-Origin Policy" (SOP) under duress for Netscape ... | Security |
| NoSQL, no security? | Will Urbanski | Serving as a scalable alternative to traditional relational databases (RDBs), NoSQL databases have exploded in ... | Security |
| SQL Server Exploitation, Escalation, and Pilfering | Antti Rantasaari, Scott Sutherland | During this presentation attendees will be introduced to lesser-known, yet significant, vulnerabilities in SQL ... | |
| Iran's real life cyberwar | Phillip Hallam-Baker | The recent Stuxnet, Flame and CA compromises involving Comodo and DigiNotar had three common elements, ... | Security |
| Real World Cloud Application Security | Jason Chan | This presentation will provide the audience with a case study of how real world organizations ... | Security |
| Builders Vs. Breakers | Jon Rose, Brett Hardin, Matt Konda | Builders vs. Breakers is a fast-paced, highly interactive, game-show-debate-style talk. Each ... | |
| Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs | Tobias Gondrom | In the last year, 2011, major trusted CAs providing trusted certificates for SSL/TLS in browser ... | Security |
| XSS & CSRF with HTML5 - Attack, Exploit and Defense | Shreeraj Shah | HTML5-driven CSRF with XMLHttpRequest (Level 2); CSRF with two-way attack stream; Cross Site ... | Security |
| The Application Security Ponzi Scheme: Stop paying for security failure | Matt Tesauro, Jarret Raim | Consider the major classes of threats that have been significantly mitigated in the past. For ... | |
| Get off your AMF and don't REST on JSON | Dan Kuykendall | HTTP is being used to transport new request formats such as those from mobile apps, ... | Security |
| Unraveling Some of the Mysteries around DOM-Based XSS | Dave Wichers | DOM-based XSS was first revealed to the world back in 2005 by Amit Klein, when ... | Security |
| The 7 Qualities of Highly Secure Software | Mano Paul | The applications on the web, mobile, and the cloud all have one thing in common: ... | Security |
| Web Framework Vulnerabilities | Abraham Kang | This talk will give participants an opportunity to practically code review Web Application Framework based ... | Security |
| Web App Crypto - A Study in Failure | Travis H | Seldom in cryptography do we have any unconditional proofs of the difficulty of defeating our ... | Security |
| Origin(al) Sins | Alex Russell | The web has a Confused Deputy problem at the heart of many of our hardest ... | Security |
| Using Interactive Static Analysis for Early Detection of Software Vulnerabilities | Bill Chu | We present our work on using interactive static analysis to improve upon static analysis techniques ... | Security |
| Pining For the Fjords: The Role of RBAC in Today's Applications | Wendy Nather | Is role-based access control (RBAC) really dead? It has a few snipers lined up to ... | Security |
| Counterintelligence Attack Theory | Fred Donovan | This presentation is centered on a new theory of attack prevention known as the Counterintelligence ... | Security |
| Top Strategies to Capture Security Intelligence for Applications | John Dickson | Security professionals have years of experience logging and tracking network security events to identify unauthorized ... | Security |
| Four Axes of Evil | HD Moore | This presentation focuses on large-scale internet vulnerability research from four unique perspectives, identifying patterns ... | Security |