SCHEDULE/SLIDES/VIDEO

Schedule, slides, and video for OWASP AppSec USA 2011 - September 20-23

We will post slides as they are received. We hope to have video of all of the talks posted by the end of November 2011.

Pricing and CPE Credits

Pricing and group registration discount information is on the Pricing and Registration page. Attendees could earn up to 16 CPE credits for attending the talks (attendees must self-submit their CPEs).

September 20-21: Training

- 0730-0830: Check-in and Continental Breakfast
- 0830-1030: Class
- 1030-1045: Coffee Break
- 1045-1200: Class
- 1200-1300: Lunch
- 1300-1500: Class
- 1500-1515: Coffee Break
- 1515-1630: Class
September 22-23, 2011: Conference

The CTF and vendor showroom were open all day during the talks. The Open Source Showcase ran 0920-1640 during the talks on September 22-23, 2011; its schedule is posted below, after the conference talks schedule.

Conference Check-in

- Thursday, September 22: Available all day starting at 0730
- Friday, September 23: Available all day starting at 0730
Thursday, September 22, 2011

Tracks: Attacks & Defenses | Cloud | Mobile | Thought Leadership

0730-0830: Continental Breakfast

0830-0920: KEYNOTE - Mark Curphey: Community - The Killer App (Video - starts at time marker 5:30, PDF)

0920-0930: Break

0930-1020:
- Attacks & Defenses: Andrés Riancho: Web Application Security Payloads (Video, PDF)
- Cloud: Andy Murren: SwA and the Cloud - Counting the Risks (Video, PPTX)
- Mobile: Patrick Tatro: Principles of Patrolling: Applying Ranger School to Information Security (Video, PPTX)
  * Thank you to Patrick who, true to form, willingly stepped forward as an alternate.
- Thought Leadership: Arian Evans: Six Key Metrics: A look at the future of appsec (Video, sorry - no slides)

1020-1040: Coffee Break

1040-1130:
- Attacks & Defenses: Jim Manico: Ghosts of XSS Past, Present and Future (Video, PDF)
- Cloud: Shankar Babu Chebrolu, PhD, CISSP: Top Ten Risks with Cloud that will keep you Awake at Night (Video, PPTX)
- Mobile: Ryan W Smith: STAAF: An Efficient Distributed Framework for Performing Large-Scale Android Application Analysis (Video, PDF)
- Thought Leadership: Charles Henderson: Global Security Report (PDF)

1130-1140: Break

1140-1230:
- Attacks & Defenses: Shreeraj Shah: Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2) (Video, PDF)
- Cloud: Scott Matsumoto: Threat Modeling in the Cloud: What You Don't Know Will Hurt You! (Video, PDF)
- Mobile: Tom Fischer: Lessons Learned Building Secure ASP.NET Applications (Video, PDF)
  * Moved from the Patterns track for scheduling purposes.
- Thought Leadership: John Benninghoff: Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems (Video, PDF)

1230-1330: LUNCH & OWASP FOUNDATION BOARD DISCUSSION - Jeff Williams (Chair), Tom Brennan, Eoin Keary, Matt Tesauro, Dave Wichers, and incoming board member Michael Coates (Video, PDF)
  * Sebastien Deleersnyder was unable to attend due to a scheduling conflict.

1330-1420:
- Attacks & Defenses: Javier Marcos de Prado, Juan Galiana Lara: Pwning intranets with HTML5 (Video, PDF)
- Cloud: Dan Cornell: The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching (Video, PDF)
- Mobile: Mike Park: Android Security, or This is not the Kind of "Open" I Meant... (Video, PPTX)
- Thought Leadership: Rafal Los, Mike McCormick, Christophe Veltsos, Jeff Williams: Making it in Information Security and Application Security (Video, PPT)

1420-1430: Break

1430-1520:
- Attacks & Defenses: Ganesh Devarajan, Todd Redfoot: Keeping up with the Web-Application Security (Video, PPTX)
- Cloud: Matt Tesauro: Testing from the Cloud: Is the Sky Falling? (Video, PDF)
- Mobile: Kevin Stadmeyer, Garrett Held: Hacking (and Defending) iPhone Applications (Video, PPTX)
- Thought Leadership: John B. Dickson, CISSP: Software Security: Is OK Good Enough? (Video, PDF)

1520-1540: Coffee Break

1540-1630:
- Attacks & Defenses: Jon McCoy (DigitalBodyGuard): Hacking .NET (C#) Applications: The Black Arts (Video, PDF)
- Cloud: Adrian Lane: CloudSec 12-Step (Video, PDF)
- Mobile: Ashkan Soltani, Gerrit Padgham: When Zombies Attack - a Tracking Love Story (Video, PDF)
- Thought Leadership: Jeff Williams: AppSec Inception - Exploiting Software Culture (Video, Prezi [Flash])

1630-1700: UNIVERSITY CHALLENGE WINNERS TALK! (Video, PPT)

1700-1800: Happy Hour

Friday, September 23, 2011

Tracks: Software Assurance | OWASP | Patterns | Secure SDLC

0730-0830: Continental Breakfast

0830-0920: KEYNOTE - Ira Winkler (Video, PPT)

0920-0930: Break

0930-1020:
- Software Assurance: Richard Struse: Software Assurance Automation throughout the Lifecycle (Video, PPTX)
- OWASP: Michael Coates: Pure AppSec, No Fillers or Preservatives - OWASP Cheat Sheet Series (Video, PDF); Colin Watson: OWASP Codes of Conduct (PDF)
- Patterns: Dr. Bill Chu, Jing Xie: Secure Programming Support in IDE (Video, PDF)
- Secure SDLC: Brian Chess: Gray, the New Black: Gray-Box Web Penetration Testing (Video, PPTX)

1020-1040: Coffee Break

1040-1130:
- Software Assurance: Ryan Stinson: Improve your SDLC with CAPEC and CWE (Video, PPTX)
- OWASP: Jack Mannino, Zach Lanier, Mike Zusman: OWASP Mobile Top 10 Risks (Video, PPTX)
- Patterns: Aditya K Sood, Richard Enbody: The Good Hacker - Dismantling Web Malware (Video, PDF)
- Secure SDLC: Chris Wysopal: Application Security Debt and Application Interest Rates (Video, PPT)

1130-1140: Break

1140-1230:
- Software Assurance: Chuck Willis, Kris Britton: Sticking to the Facts: Scientific Study of Static Analysis Tools (Video, PDF)
- OWASP: Simon Bennetts: Introducing the OWASP Zed Attack Proxy (Video, PPTX)
- Patterns: Justin Collins, Tin Zaw: Brakeman and Jenkins: The Duo Detect Defects in Ruby on Rails Code (Video, PPTX)
- Secure SDLC: Mike Ware: Simplifying Threat Modeling (Video, PDF)

1230-1330: LUNCH & KEYNOTE - Moxie Marlinspike (Video, PDF)

1330-1420:
- Software Assurance: Adam Meyers: Mobile Applications Software Assurance (Video, PDF)
- OWASP: Anthony J. Stieber: How NOT to Implement Cryptography for the OWASP Top 10 (Video, PDF)
- Patterns: Michael Coates: Security Evolution - Bug Bounty Programs for Web Applications (Video, PDF)
- Secure SDLC: Wendy Nather (moderator), Dinis Cruz, Chris Eng, Jerry Hoff, Darren Meyer, John Steven, Sean Fay: Speeding Up Security Testing Panel (Video, PPTX)

1420-1430: Break

1430-1520:
- Software Assurance: Charles Schmidt: You're Not Done (Yet) - Turning Securable Apps into Secure Installations using SCAP (Video, PPTX)
- OWASP: Beef (Chris Schmidt), Kevin Wall: ESAPI 2.0 - Defense Against the Dark Arts (Video, PPT); Jason Li: OWASP Projects Portal Launch! (5-10 minutes) (Video, PPTX)
- Patterns: Srini Penchikala: Messaging Security using GlassFish 3.1 and Open Message Queue (Video, PDF)
- Secure SDLC: Glenn Leifheit (moderator), Andreas Fuchsberger, Ajoy Kumar, Richard Tychansky, Alessandro Moretti: Application Security Advisory Board SDLC Panel (Video, PPTX)

1520-1540: Coffee Break

1540-1630:
- Software Assurance: Michelle Moss, Nadya Bartol: Why do developers make these dangerous software errors? (Video, PPTX)
- OWASP: Ryan Barnett: OWASP CRS and AppSensor Project (Video, Prezi [Flash])
- Patterns: Alex Smolen: Application Security and User Experience (Video, PDF)
- Secure SDLC: Gunnar Peterson: Mobile Web Services (Video, sorry - no slides)
  * Moved from the Mobile track for scheduling purposes.

1630-1640: Break

1640-1730: RECAP AND LOOKING AHEAD TO THE NEXT TEN YEARS AND APPSEC USA 2012

Open Source Showcase

See the Open Source Showcase page for more information on the open source demos that ran concurrently with the conference talks.

Thursday, September 22, 2011

Time | Booth A | Booth B | Booth C | Booth D | Booth E
0920-1300 | Global Projects Committee | ModSecurity - Open Source Web Application Firewall (Ryan Barnett) | Armitage: Fast and Easy Hacking for Metasploit (Raphael Mudge) | MozSecWorld (Michael Coates) | w3af demos, Q&A, and code walkthrough (Andrés Riancho)
1300-1640 | Global Projects Committee | Vega: Cross-Platform, Open Source Web Application Assessment Platform (David Mirza) | Armitage: Fast and Easy Hacking for Metasploit (Raphael Mudge) | OWASP Broken Web Application Project Demo (Chuck Willis) | OWASP O2 Platform (Dinis Cruz)

Friday, September 23, 2011

Time | Booth A | Booth B | Booth C | Booth D | Booth E
0920-1300 | Global Projects Committee | ModSecurity - Open Source Web Application Firewall (Ryan Barnett) | Empty due to scheduling conflict | Visualizing Tracking on the Web (Sid Stamm) | OWASP O2 Platform (Dinis Cruz)
1300-1640 | Global Projects Committee | Vega: Cross-Platform, Open Source Web Application Assessment Platform (David Mirza) | Empty due to scheduling conflict | Visualizing Tracking on the Web (Sid Stamm) | JavaScript Analysis Platform (Praveen Murthy)