OWASP AppSec California 2014, Jan. 27, 2014 to Jan. 28, 2014, California, USA

Title Speakers Summary Topic Types
Welcome Address Neil Matatall, Richard Greenberg N/A
Keynote Robert J. Hansen, Michael Coates N/A
AppSec at DevOps Speed and Portfolio Scale Jeff Williams Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, ...
Attack Driven Defense Zane Lackey Traditionally, defense has been approached without enough emphasis on countering real world attack behaviors. This ...
Confessions of a Social Engineer: Why Developers Are My Favorite Target Valerie Thomas Social engineers use a dangerous combination of technology and old fashioned con artistry to infiltrate ...
An inconvenient Zeus: The rise of SaaS targeted malware Ami Luttwak We at Adallom are proposing a session where we will showcase a new variant of ...
CSO's Myopia Jordan Bonagura Before reading this article imagine what it would be like to manage your company without ...
Mantra OS Gregory Disney OWASP Mantra OS was developed under the mantra of “OWASP because the world is cruel”; The ...
Can AppSec Training Really Make a Smarter Developer? John Dickson Most application risk managers agree that training software developers to understand security concepts can be ...
PRISM-AS-A-SERVICE: Not Subject to American Law Lynn Root X-as-a-Service products are integral in the U.S. tech industry with their ability to take the ...
Warning Ahead: Security Storms are Brewing in Your JavaScript Maty Siman JavaScript controls our lives – we use it to zoom in and out of a ...
HTTP Time Bandit Vaagn Toukharian, Tigran Gevorgyan While web applications have become richer to provide a higher level user experience, they run ...
Million Browser Botnet Jeremiah Grossman, Matt Johansen Online advertising networks can be a web hacker's best friend. For mere pennies per thousand ...
Whiz, Bang, ZAP! An introduction to OWASP's Zed Attack Proxy Ben Walther The OWASP Zed Attack Proxy (ZAP) is "an easy to use integrated penetration testing tool ...
Securing the Software Supply Chain John Weinschenk In today’s digitally connected world, organizations must work with multiple partners across their lines of ...
Adventures in Reviewing Mountains of Code Jon Boyd I recently found myself at a client site, faced with 2.6 million lines of code; ...
DIY Command & Control For Fun And *No* Profit David healwhans Schwartzberg This talk is called "DIY Command & Control For Fun And *No* Profit" because many ...
The Cavalry Is Us: Protecting the public good Beau Woods In the Internet of Things, security issues have grown well beyond our day jobs. Our dependence ...
Opening Remarks Neil Matatall, Richard Greenberg N/A
Keynote: Application Sandboxes: Know thy limits Rahul Kashyap As we secure applications leveraging sandboxes, it is important to understand the attack surface as ...
CSRF: not all defenses are created equal Ari Elias-bachrach CSRF is an often misunderstood vulnerability. In this talk I will introduce CSRF and the ...
Running At 99%: Surviving An Application DoS Ryan Huber Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on ...
Anatomy of a Webshell D0n Quixote WebShells are an often misunderstood and overlooked form of malware. Yet they continue to be ...
Privacy's Past, Present and Future Robert Rowley The concept of one’s privacy is simple, everyone has their own internal definition and everyone ...
libinjection: from SQLi to XSS Nick Galbreath libinjection was introduced at Black Hat USA 2012 to quickly and accurately detect SQLi attacks ...
OWASP Top Ten Proactive Controls Jim Manico You cannot hack your way secure! The OWASP Proactive Controls is a "Top 10 like ...
What is CSP and why haven't you applied it yet? Patrick Thomas, Joel Weinberger, Scott Behrens, Kenneth Lee, Ian Melven, Caleb Queern, Garret Robinson It’s 2013, and cross-site scripting is still on the OWASP top 10, ten years after ...
7 Deadly Sins: Unlock the Gates of Mobile Hacking Heaven Dan Kuykendall N/A
HTML 5 Security Joe Basirico • What is HTML 5.0? o New features • HTML & Security o Cross Origin ...
Next Generation Red Teaming Robert Wood Too often organizations conduct assessments within a vacuum: physical, network, social, or application-layer. Attackers do ...
Keynote: Why Infosec Needs Rugged DevOps Now: A Fifteen Year Study Of High Performing IT Organizations Gene H. Kim The velocity of modern IT is breathtaking: while most IT organizations struggle with monthly releases, ...