AppSecUSA 2012.com


 * AppSecUSA Presentations and Talks

10:00 am - 10:45 am (Thursday)
Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements
John Benninghoff | Developer | Building Predictable Systems using Behavioral Security Modeling - PDF

Top Ten Web Defenses
Jim Manico | Mobile | Top 10 Defenses for Website Security - PDF

Mobile Applications & Proxy Shenanigans
Dan Amodio | Mobile | Presentation not available

Reverse Engineering “Secure” HTTP APIs With An SSL Proxy
Alejandro Caceres | Reverse Engineering | Presentation not available

Gauntlt: Rugged by Example
Jeremiah Shirk | Rugged devops | Presentation not available

11:00 am - 11:45 am (Thursday)
Building a Web Attacker Dashboard with ModSecurity and BeEF
Ryan Barnett | Attack | Presentation not available

Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews
Sherif Koussa | Developer | Presentation not available

Cracking the Code of Mobile Application
Sreenarayan Ashokkumar | Mobile | Cracking the Mobile Application Code - PDF

Hacking .NET Application: Reverse Engineering 101
Jon Mccoy | Reverse Engineering | Presentation not available

Doing the unstuck: How Rugged cultures drive Biz & AppSec Value
Josh Corman | Rugged devops | Doing the unstuck: How Rugged cultures drive Biz & AppSec Value - PDF

2:00 pm - 2:45 pm (Thursday)
Hacking with WebSockets
Vaagn Toukharian | Attack | Presentation not available

Bug Bounty Programs
Michael Coates, Chris Evans, Jeremiah Grossman, Adam Mein, Alex Rice | Developer | Presentation not available

How we tear into that little green man
Mathew Rowley | Mobile | Presentation not available

AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life
Jerry Hoff | Developer | Presentation not available

Put your robots to work: security automation at Twitter
Justin Collins, Neil Matatall, Alex Smolen | Rugged devops | Presentation not available

3:00 pm - 3:45 pm (Thursday)
Exploiting Internal Network Vulns via the Browser using BeEF Bind
Michele Orru | Attack | Presentation not available

The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)
Shay Chen | Developer | Gaining Access to the Source Code & Server Side Memory Structure of ANY Application - PDF

Demystifying Security in the Cloud: AWS Scout
Jonathan Chittenden | Cloud | Demystifying Security in the Cloud - PDF

I>S+D! - Interactive Application Security Testing (IAST), Beyond SAST/DAST
Ofer Maor | Developer | Presentation not available

Rebooting (secure) software development with continuous deployment
Nick Galbreath | Rugged devops | Presentation not available

4:00 pm - 4:45 pm (Thursday)
Cross Site Port Scanning
Riyaz Walikar | Attack | Cross Site Port Scanning - PDF

Analyzing and Fixing Password Protection Schemes
John Steven | Developer | Presentation not available

Static Analysis of Java Class Files for Quickly and Accurately Detecting Web-Language Encoding Methods
Arshan Dabirsiaghi, Alex Emsellem, Matthew Paisner | Attack | Presentation not available

WTF - WAF Testing Framework
Yaniv Azaria, Amichai Shulman | Architecture | WAF Testing Framework - PDF

DevOps Distilled: The DevOps Panel at AppSec USA
Josh Corman, Nick Galbreath, Gene Kim, David Mortman, James Wickett | Rugged devops | DevOps Distilled - PDF

10:00 am - 10:45 am (Friday)
Effective approaches to web application security
Zane Lackey | Developer | Effective approaches to web application security - PDF

Why Web Security Is Fundamentally Broken
Jeremiah Grossman | Developer | Why Web Security Is Fundamentally Broken - PDF

Payback on Web Attackers: Web Honeypots
Simon Roses Femerling | Architecture | Presentation not available

Spin the bottle: Coupling technology and SE for one awesome hack
David Kennedy | Attack | Presentation not available

Incident Response: Security After Compromise
Richard Bejtlich | Case Studies | Presentation not available

11:00 am - 11:45 am (Friday)
The Same-Origin Saga
Brendan Eich | Developer | The Same-Origin Saga - PDF

Hack your way to a degree: a new direction in teaching application security at universities
Konstantinos Papapanagiotou | Developer | Hack your way to a degree - PDF

The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems
Dan Cornell, Josh Sokol | Architecture | Presentation not available

Blended Threats and JavaScript: A Plan for Permanent Network Compromise
Phil Purviance | Attack | Presentation not available

Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards
Juan Perez-Etchegoyen, Jordan Santarsieri | Case Studies | Presentation not available

1:00 pm - 1:45 pm (Friday)
Builders Vs. Breakers
Brett Hardin, Matt Konda, Jon Rose | Developer | Builders-vs-Breakers - PDF

Real World Cloud Application Security
Jason Chan | Cloud | Presentation not available

NoSQL, no security?
Will Urbanski | Architecture | Presentation not available

SQL Server Exploitation, Escalation, and Pilfering
Antti Rantasaari, Scott Sutherland | Attack | Presentation not available

Iran's real life cyberwar
Phillip Hallam-Baker | Case Studies | Iran’s Real Life Cyberwar - PDF

2:00 pm - 2:45 pm (Friday)
Get off your AMF and don’t REST on JSON
Dan Kuykendall | Developer | Get off your AMF and don’t REST on JSON - PDF

Unraveling Some of the Mysteries around DOM-Based XSS
Dave Wichers | Developer | Unraveling some Mysteries around DOM-based XSS - PDF

Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs
Tobias Gondrom | Architecture | Securing the SSL channel against man-in-the-middle attacks - PDF

XSS & CSRF with HTML5 - Attack, Exploit and Defense
Shreeraj Shah | Attack | Presentation not available

The Application Security Ponzi Scheme: Stop paying for security failure
Jarret Raim, Matt Tesauro | Case Studies | Presentation not available

3:00 pm - 3:45 pm (Friday)
Using Interactive Static Analysis for Early Detection of Software Vulnerabilities
Bill Chu | Developer | Static Analysis for Early Detection of Software Vulnerabilities - PDF

Origin(al) Sins
Alex Russell | Developer | Presentation not available

The 7 Qualities of Highly Secure Software
Mano 'dash4rk' Paul | Architecture |

Web Framework Vulnerabilities
Abraham Kang | Attack | Web App Framework Based Vulnerabilities - PDF

Web App Crypto - A Study in Failure
Travis H | Case Studies | Web App Cryptology A Study in Failure - PDF

4:00 pm - 4:45 pm (Friday)
Security at Scale
Yvan Boily | Developer | Presentation not available

Four Axes of Evil
HD Moore | Developer | Four Axes of Evil - PDF

Pining For the Fjords: The Role of RBAC in Today's Applications
Wendy Nather | Architecture | Presentation not available

Counterintelligence Attack Theory
Fred Donovan | Attack | Presentation not available

Top Strategies to Capture Security Intelligence for Applications
John Dickson | Case Studies | Top Strategies to Capture Security Intelligence for Applications - PDF