AppSec USA 2013 Nov. 18, 2013 to Nov. 21, 2013, New York, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
OWASP Media Project Introduction | Jonathan Marcil | The OWASP Media Project is an infrastructure project that gathers, consolidates, and promotes OWASP content ... | |
Project Summit: OWASP Projects Review Session | Johanna Curiel, Samantha Groves | During the OWASP Projects Review working session, attendees will be able to participate in the ... | |
2 Day Pre-Conference Training: Application Cryptanalysis with Bletchley | Timothy Morgan | Abstract: Use of cryptography permeates today's computing infrastructures. While few programmers attempt to implement sophisticated ... | |
2 Day Pre-Conference Training: Running A Software Security Program On Open Source Tools | Dan Cornell | Abstract: Using the Software Assurance Maturity Model (OpenSAMM) as a framework, this course walks through ... | |
2 Day Pre-Conference Training: Securing Mobile Devices & Applications | Dan Amodio, David Lindner | Overview: Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, ... | |
2 Day Pre-Conference Training: The Art of Exploiting Injection Flaws | Sumit "sid" Siddharth | Overview: OWASP rates injection flaws as the most critical vulnerability within the Top 10 most ... | |
2 Day Pre-Conference Training: Web Application Defender's Cookbook: LIVE | Ryan C. Barnett | Can you answer these questions? • Are your web applications secure? • Do you know ... | |
Project Summit: ESAPI Hackathon Session | Jeff Williams, Chris Schmidt, Kevin Wall | Take part in building the next generation of the Enterprise Security API. In this hackathon ... | |
OWASP PHP Security and RBAC Projects: An introduction | Abbas Naderi | The aim of this session is to introduce attendees to both projects, and to get ... | |
Project Summit: AppSensor 2.0 Hackathon | John T. Melton | Take part in building the next generation of AppSensor. In this hackathon we will focus ... | |
Bug Bounty - Group Hack | Dinis Cruz, Jeremiah Grossman, Tom Brennan, Simon Roses Femerling, Samantha Groves, Serg Belokamen, Casey Ellis | Microsoft, Facebook, OWASP, Google and Paypal crowdsource their security with Bug Bounty programs, join the ... | |
Project Summit: Mobile Security Session | Jack Mannino, Jason Haddix | Just as the mobile security landscape has changed, so has the OWASP Mobile Project. Join ... | |
Project Summit: Training Development Session | Konstantinos Papapanagiotou, Martin Knobloch | Training is an important part of OWASP's mission as it helps not only in increasing ... | |
Project Summit: Academies Development Session | Konstantinos Papapanagiotou, Martin Knobloch | The OWASP Academies program aims to bring together academic institutions from all over the world ... | |
Hands-on Ethical Hacking: Preventing and Writing Exploits for Buffer Overflows | Ralph Durkee | An intense 2.5-hour hands-on course where you will find a buffer overflow vulnerability and ... | |
Let us get this event started! | Tom Brennan, Sarah Elizabeth Baso, Israel Bryski, Peter Dean, Kate Hartmann, Kelly Santalucia | Presentation will include kick-off with details about the activities that will happen, changes to the ... | |
Keynote: Computer and Network Security: I Think We Can Win! | William R. Cheswick | Some think that computer and network security is a lost cause. I have spent forty ... | |
Keynote: Project Summit: Writing and Documentation Review Session | Samantha Groves, Michael Hidalgo | OWASP Documentation Projects are a key element in the industry. They are broadly adopted and ... | |
Hardening Windows 8 apps for the Windows Store | Bill Sempf | Security and privacy in mobile development has been a topic in the iOS and Android ... | |
The Perilous Future of Browser Security | Robert J. Hansen | The tradeoffs required to make a secure browser are often poorly understood even amongst ... | |
Automation Domination | Brandon Spruth | Building your application security automation program as part of the Software Development Lifecycle (SDLC) with ... | |
How To Stand Up an AppSec Program - Lessons from the Trenches | Joe Friedman | We all know the importance of building security into the development of a company's applications. ... | |
PANEL: Aim-Ready-Fire | Sean Barnum, Ajoy Kumar, Pravir Chandra, Wendy Nather, Suprotik Ghose, Jason Rothhaupt, Ramin Safai | Software assurance in the past 5 - 6 years has emerged as the key focus ... | |
Project Talk: Project Leader Workshop | Samantha Groves | The Project Leader Workshop is a 45 minute event activity that brings together current and ... | |
OWASP PCI toolkit Session | Johanna Curiel | Join us and learn how to help organizations achieve PCI-DSS compliance with OWASP tools & ... | |
From the Trenches: Real-World Agile SDLC | Chris Eng | Ideally, all organizations would incorporate security into their Agile development processes; however, best-practices Agile SDL ... | |
Securing Cyber-Physical Application Software | Warren Axelrod | Researchers and practitioners have not historically addressed sufficiently the fact that software engineers responsible for ... | |
Why is SCADA Security an Uphill Battle? | Amol Sarwate | This talk will present technical security challenges faced by organizations that have SCADA, critical infrastructure ... | |
Computer Crime Laws - Tor Ekeland, Attorney | Tor Ekeland | The Computer Fraud and Abuse Act: An Overview. The notorious Computer Fraud and Abuse Act ... | |
Can AppSec Training Really Make a Smarter Developer? | John Dickson | Most application risk managers agree that training software developers to understand security concepts can be ... | IncludeThinkstScapes |
Project Talk: OWASP Enterprise Security API Project | Chris Schmidt, Kevin Wall | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control ... | |
All the network is a stage, and the APKs merely players: Scripting Android Applications | Daniel Peck | The existence of open, well-defined APIs for many popular websites has been a boon ... | |
BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors | Jason Haddix, Dawn Isabel | The toolchain for (binary) iOS application assessment is weak BUT, like an island of misfit ... | |
Case Study: 10 Steps to Agile Development without Compromising Enterprise Security | Yair Rovek | In an Agile, fast paced environment with frequent product releases, security code reviews & testing ... | |
Build but don't break: Lessons in Implementing HTTP Security Headers | Kenneth Lee | Content Security Policy is a new standard from the W3C that aims to help stop ... | |
The Cavalry Is Us: Protecting the public good | Nicholas J. Percoco, Joshua Corman | Description: In the Internet of Things, security issues have grown well beyond our day jobs. ... | |
OWASP NIST NSTIC IDecosystem Initiative: Initial Discussion Meeting | Bev Corwin | N/A | |
Mantra OS: Because The World is Cruel | Greg Disney-Leugers | OWASP Mantra OS was developed under the mantra of "OWASP because the world is cruel"; ... | |
HTML5: Risky Business or Hidden Security Tool Chest? | Johannes Ullrich | The term "HTML5" encompasses a number of new subsystems that are currently being implemented in ... | |
A Framework for Android Security through Automation in Virtual Environments | Parth Patel | This session introduces a practical approach to securing Android applications through an automated framework. The ... | |
2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs | Tobias Gondrom, Marco M. Morana | As an organization born from grass-roots ideals and volunteering efforts that started 12 years ago ... | |
PANEL: Privacy or Security: Can We Have Both? | Steven Rambam, Jim Manico, Jeff Fox, Joseph Concannon, James Elste, Amy Neustein, Jack Radigan | Often confused with each other, security and privacy are both interdependent (privacy generally requires robust ... | |
Project Talk: OWASP OpenSAMM Project | Dinis Cruz, Pravir Chandra, Seba Deleersnyder, Michael Hidalgo | The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and ... | |
Javascript libraries (in)security: A showcase of reckless uses and unwitting misuses. | Stefano Di Paola | Client side code is a growing part of the modern web and those common patterns ... | |
Revenge of the Geeks: Hacking Fantasy Sports Sites | Dan Kuykendall | In this talk, I'll show how all my IT security geek friends in the OWASP ... | |
What You Didn't Know About XML External Entities Attacks | Timothy Morgan | The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. ... | |
"What Could Possibly Go Wrong?" - Thinking Differently About Security | Mary Ann Davidson | Almost all security professionals have one or more headshaking security stories caused by everything from ... | |
PANEL: Cybersecurity and Media: All the News That's Fit to Protect? | Space Rogue, Dylan Tweney, Michael Carbone, Rajiv Pant, Gordon Platt, Nico Sell | It's no longer possible to be in the news media without being security savvy. Edward ... | |
Project Talk: The OWASP Education Projects | Konstantinos Papapanagiotou, Martin Knobloch | The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project ... | |
Advanced Mobile Application Code Review Techniques | Sreenarayan A | Abstract: Learn how Mobile experts blend their techniques in ... | |
OWASP Zed Attack Proxy | Simon Bennetts | The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. It ... | |
Pushing CSP to PROD: Case Study of a Real-World Content-Security Policy Implementation | Brian Holyfield, Erik Larsson | Widespread adoption of Content Security Policy (CSP) by most modern browsers has led many organizations ... | |
Making the Future Secure with Java | Milton Smith | The world is not the same place it was when Java started. It's 2013, and ... | |
PANEL: Mobile Security 2.0: Beyond BYOD | Jason Rouse, Stephen Wellman, Devindra Hardawar, Daniel Miessler | BYOD has moved quickly from technology concept to business reality. Today's workers bring the mobile ... | |
Project Talk: OWASP Security Principles Project | Dennis Groves | The OWASP Security Principles Project aims to distill the fundamentals of security into a set ... | |
OWASP Top Ten Proactive Controls | Jim Manico | You cannot hack your way secure! The OWASP Proactive Controls is a "Top 10 like ... | |
Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud) | Tsvika Klein, Ory Segal | Presentation Title: "Big Data Intelligence" Subtitle: "Harnessing Petabytes of WAF statistics to Analyze & Improve ... | |
Forensic Investigations of Web Exploitations | Ondrej Krehel | Investigation of hacking incidents often requires a combined effort of different technologies. Evidence and forensic artifacts ... | |
Sandboxing JavaScript via Libraries and Wrappers | Phu H. Phung | The large majority of websites nowadays embed third-party JavaScript into their pages, coming from external ... | |
Tagging Your Code with a Useful Assurance Label | Sean Barnum, Robert Martin | With so many ways for software to be vulnerable, businesses need a way to focus ... | |
Healthcare Security Forum | Judith Fincher, Amy Neustein | N/A | |
OWASP Jeopardy | Jerry Hoff | This interactive activity will be a fun filled event where top security professionals will get ... | |
UNION SELECT `This_Talk` AS ('New Exploitation and Obfuscation Techniques')%00 | Roberto Salgado | This talk will present some of the newest and most advanced optimization and obfuscation techniques ... | |
Defeating XSS and XSRF using JSF Based Frameworks | Stephen Wolf | During several recent code review engagements, I have discovered that developers sometimes gain a feeling ... | |
Contain Yourself: Building Secure Containers for Mobile Devices | Ronald Gutierrez | In today's world, everyone wants access to information from his or her personal mobile device. ... | |
Mobile app analysis with Santoku Linux | Andrew Hoog | Did you think there were a lot of mobile devices and platforms out there? Check ... | |
AppSec at DevOps Speed and Portfolio Scale | Jeff Williams | Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, ... | IncludeThinkstScapes |
Project Summit: ZAP Hackathon Session | Simon Bennetts | This session is a chance for people to learn how to work on ZAP from ... | |
iOS Application Defense - iMAS | Gregg Ganley | iOS application security can be *much* stronger and easy for developers to find, understand and ... | |
PiOSoned POS - A Case Study in iOS based Mobile Point-of-Sale gone wrong | Mike Park | Mobile Point of Sale (POS) systems are becoming more and more common in a wide variety ... | |
Accidental Abyss: Data Leakage on The Internet | Kelly Fitzgerald | PII is personally identifiable information. In the information age, seemingly useless bits of PII can ... | |
Leveraging OWASP in Open Source Projects - CAS AppSec Working Group | David Ohsie, Bill Thompson, Aaron Weaver | The CAS AppSec Working Group is a diverse volunteer team of builders, breakers, and defenders ... | |
Project Talk and Training: OWASP O2 Platform | Dinis Cruz | The O2 platform represents a new paradigm for how to perform, document and distribute Web ... | |
OWASP Hackademic: a practical environment for teaching application security | Konstantinos Papapanagiotou | Teachers of Application Security in higher education institutions and universities are presented with some unique ... | |
An Introduction to the Newest Addition to the OWASP Top 10. Experts Break-Down the New Guideline and Provide Guidance on Good Component Practice | Ryan Berg | Experts in the field of application security and open source software development discuss the new ... | |
Verify your software for security bugs | Simon Roses Femerling | Verification is an important phase of developing secure software that is not always addressed in ... | |
The State Of Website Security And The Truth About Accountability and "Best-Practices" | Jeremiah Grossman | Whether you read the Verizon Data Breach Incidents Report, the Trustwave Global Security Report, the ... | |
Insecure Expectations | Matt Konda | Many developers rely on tests or specs (with expectations) to verify that our code is ... | |
OWASP Periodic Table of Elements | James Landis | After 25 years of software engineering since the first Internet worm was written to exploit ... | |
Application Security: Everything we know is wrong | Eoin Keary | The premise behind this talk is to challenge both the technical controls we recommend to ... | IncludeThinkstScapes |
PANEL: Women in Information Security: Who Are We? Where Are We Going? (Salon 1 & 2) | Joan Goodchild, Dawn-Marie Hutchinson, Gary Phillips, Carrie Schaper, Valene Skerpac | N/A | |
Project Talk: OWASP Testing Guide | Matteo Meucci, Andrew Mueller | This project's goal is to create a "best practices" web application penetration testing framework which ... | |
Hack.me: a new way to learn web application security | Armando Romeo | The Hack.me (https://hack.me) project is a worldwide, FREE for all platform on which to build, host ... | |
Hacking Web Server Apps for iOS | Bruno | Since the iPhone has been released, people have been trying to figure out different ways ... | |
How to promote your chapter and increase attendance. This session will review different methods of promotion for your chapter all aimed at increasing meeting attendance. Topics will include social med | Kate Hartmann | N/A | |
NIST - Missions and impacts to US industry, economy and citizens | Matthew Scholl, James St. Pierre | Title: The US National Institute of Standards and Technology (NIST), Information Technology Lab (ITL). What ... | |
PANEL: Wait Wait... Don't Tell Me Software Security | Chris Eng, Space Rogue, Josh Corman, Mark S. Miller | N/A | |
Project Talk: OWASP Development Guide | Andrew Stock | The Development Guide is aimed at architects, developers, consultants and auditors and is a comprehensive ... | |
Project Summit: Open SAMM Session | Seba Deleersnyder | OWASP Software Assurance Maturity Model (SAMM) is an open framework to help organizations start and ... | |
Buried by time, dust and BeEF | Michele Orru | For those who do not listen to Mayhem and black metal, the talk title might seem ... | |
Go Fast AND Be Secure: Eliminating Application Risk in the Era of Modern, Component-Based Development | Jeff Williams, Ryan Berg | Organizations are exposed to significant risks caused by their increasing reliance on open-source components. Component ... | |
Modern Attacks on SSL/TLS: Let the BEAST of CRIME and TIME be not so LUCKY | Shawn Fitzgerald, Pratik Guha Sarkar | SSL/TLS is the core component for providing confidentiality and authentication in modern web communications. Recent ... | SSL IncludeThinkstScapes |
OWASP Broken Web Applications (OWASP BWA): Beyond 1.0 | Chuck Willis | The OWASP Broken Web Applications (OWASP BWA) Project produces a free and open source virtual ... | |
Vendor relationships | Sarah Elizabeth Baso | Vendors are not the bad guys. This session will include a lively discussion on vendor ... | |
Project Talk: OWASP AppSensor | Dennis Groves | The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement ... | IncludeThinkstScapes |
HTTP Time Bandit | Vaagn Toukharian | While web applications have become richer to provide a higher level user ... | |
Wassup MOM? Owning the Message Oriented Middleware | Gursev Singh Kalra | Message Oriented Middleware (MOM) allows disparate applications to communicate with each other by exchanging information ... | |
The 2013 OWASP Top 10 | Dave Wichers | The OWASP Top 10 has become the de facto standard for web application security and is ... | |
CSRF: not all defenses are created equal | Ari Elias-Bachrach | CSRF is an often misunderstood vulnerability. The standard way to protect against it is by ... | |
Project Talk: OWASP Code Review Guide | Larry Conklin | The Code Review Guide focuses on secure code reviews and tools that aim to support ... | |
Silk, Webservers, Exploits and RATz by M4v3r1ck | Yuri | Disclaimer: If you have trigger issues -- please do not attend ... | |