OWASP AppSec USA 2011, Minneapolis
Your life is in the cloud.
SCHEDULE/SLIDES/VIDEO

Schedule, slides, and video for OWASP AppSec USA 2011 - September 20-23

We will post slides as they are received. We hope to have video of all of the talks posted by the end of November 2011.

Pricing and CPE Credits

Pricing and group registration discount information is on the Pricing and Registration page.

Attendees could earn up to 16 CPE credits for attending the talks (CPEs must be self-submitted).

September 20-21

Training

  • 0730-0830: Check-in and Continental Breakfast
  • 0830-1030: Class
  • 1030-1045: Coffee Break
  • 1045-1200: Class
  • 1200-1300: Lunch
  • 1300-1500: Class
  • 1500-1515: Coffee Break
  • 1515-1630: Class

September 21

University Challenge, Workgroups, and 5K/10K.

September 22-23, 2011

The CTF and vendor showroom were open all day during the talks.

The Open Source Showcase ran 0920-1640 during the talks on September 22-23, 2011. The OSS schedule is posted below, after the conference talks schedule.


Conference Check-in

  • Thursday, September 22: Available all day starting at 0730
  • Friday, September 23: Available all day starting at 0730


Thursday, September 22, 2011

Tracks: Attacks & Defenses | Cloud | Mobile | Thought Leadership

0730-0830 CONTINENTAL BREAKFAST

0830-0920 KEYNOTE
  • Mark Curphey: Community - The Killer App (Video, starts at time marker 5:30; PDF)

0920-0930 BREAK

0930-1020
  • Attacks & Defenses: Andrés Riancho, Web Application Security Payloads (Video, PDF)
  • Cloud: Andy Murren, SwA and the Cloud - Counting the Risks (Video, PPTX)
  • Mobile: Patrick Tatro, Principles of Patrolling: Applying Ranger School to Information Security (Video, PPTX)
    * Thank you to Patrick who, true to form, willingly stepped forward as an alternate
  • Thought Leadership: Arian Evans, Six Key Metrics: A look at the future of appsec (Video, no slides)

1020-1040 COFFEE BREAK

1040-1130
  • Attacks & Defenses: Jim Manico, Ghosts of XSS Past, Present and Future (Video, PDF)
  • Cloud: Shankar Babu Chebrolu, PhD, CISSP, Top Ten Risks with Cloud that will keep you Awake at Night (Video, PPTX)
  • Mobile: Ryan W Smith, STAAF: An Efficient Distributed Framework for Performing Large-Scale Android Application Analysis (Video, PDF)
  • Thought Leadership: Charles Henderson, Global Security Report (PDF)

1130-1140 BREAK

1140-1230
  • Attacks & Defenses: Shreeraj Shah, Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2) (Video, PDF)
  • Cloud: Scott Matsumoto, Threat Modeling in the Cloud: What You Don’t Know Will Hurt You! (Video, PDF)
  • Mobile: Tom Fischer, Lessons Learned Building Secure ASP.NET Applications (Video, PDF)
    * Moved from Patterns Track for scheduling purposes
  • Thought Leadership: John Benninghoff, Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems (Video, PDF)

1230-1330 LUNCH & OWASP FOUNDATION BOARD DISCUSSION
  • Jeff Williams (Chair), Tom Brennan, Eoin Keary, Matt Tesauro, Dave Wichers, and incoming board member Michael Coates (Video, PDF)
    * Sebastien Deleersnyder was unable to attend due to a scheduling conflict.

1330-1420
  • Attacks & Defenses: Javier Marcos de Prado, Juan Galiana Lara, Pwning intranets with HTML5 (Video, PDF)
  • Cloud: Dan Cornell, The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching (Video, PDF)
  • Mobile: Mike Park, Android Security, or This is not the Kind of "Open" I Meant... (Video, PPTX)
  • Thought Leadership: Rafal Los, Mike McCormick, Christophe Veltsos, Jeff Williams, Making it in Information Security and Application Security (Video, PPT)

1420-1430 BREAK

1430-1520
  • Attacks & Defenses: Ganesh Devarajan, Todd Redfoot, Keeping up with the Web-Application Security (Video, PPTX)
  • Cloud: Matt Tesauro, Testing from the Cloud: Is the Sky Falling? (Video, PDF)
  • Mobile: Kevin Stadmeyer, Garrett Held, Hacking (and Defending) iPhone Applications (Video, PPTX)
  • Thought Leadership: John B. Dickson, CISSP, Software Security: Is OK Good Enough? (Video, PDF)

1520-1540 COFFEE BREAK

1540-1630
  • Attacks & Defenses: Jon McCoy (DigitalBodyGuard), Hacking .NET (C#) Applications: The Black Arts (Video, PDF)
  • Cloud: Adrian Lane, CloudSec 12-Step (Video, PDF)
  • Mobile: Ashkan Soltani, Gerrit Padgham, When Zombies Attack - a Tracking Love Story (Video, PDF)
  • Thought Leadership: Jeff Williams, AppSec Inception - Exploiting Software Culture (Video, Prezi [Flash])

1630-1700 UNIVERSITY CHALLENGE WINNERS TALK! (Video, PPT)

1700-1800 HAPPY HOUR

Friday, September 23, 2011

Tracks: Software Assurance | OWASP | Patterns | Secure SDLC

0730-0830 CONTINENTAL BREAKFAST

0830-0920 KEYNOTE
  • Ira Winkler (Video, PPT)

0920-0930 BREAK

0930-1020
  • Software Assurance: Richard Struse, Software Assurance Automation throughout the Lifecycle (Video, PPTX)
  • OWASP: Michael Coates, Pure AppSec, No Fillers or Preservatives - OWASP Cheat Sheet Series (Video, PDF)
  • OWASP: Colin Watson, OWASP Codes of Conduct (PDF)
  • Patterns: Dr. Bill Chu, Jing Xie, Secure Programming Support in IDE (Video, PDF)
  • Secure SDLC: Brian Chess, Gray, the New Black: Gray-Box Web Penetration Testing (Video, PPTX)

1020-1040 COFFEE BREAK

1040-1130
  • Software Assurance: Ryan Stinson, Improve your SDLC with CAPEC and CWE (Video, PPTX)
  • OWASP: Jack Mannino, Zach Lanier, Mike Zusman, OWASP Mobile Top 10 Risks (Video, PPTX)
  • Patterns: Aditya K Sood, Richard Enbody, The Good Hacker - Dismantling Web Malware (Video, PDF)
  • Secure SDLC: Chris Wysopal, Application Security Debt and Application Interest Rates (Video, PPT)

1130-1140 BREAK

1140-1230
  • Software Assurance: Chuck Willis, Kris Britton, Sticking to the Facts: Scientific Study of Static Analysis Tools (Video, PDF)
  • OWASP: Simon Bennetts, Introducing the OWASP Zed Attack Proxy (Video, PPTX)
  • Patterns: Justin Collins, Tin Zaw, Brakeman and Jenkins: The Duo Detect Defects in Ruby on Rails Code (Video, PPTX)
  • Secure SDLC: Mike Ware, Simplifying Threat Modeling (Video, PDF)

1230-1330 LUNCH & KEYNOTE
  • Moxie Marlinspike (Video, PDF)

1330-1420
  • Software Assurance: Adam Meyers, Mobile Applications Software Assurance (Video, PDF)
  • OWASP: Anthony J. Stieber, How NOT to Implement Cryptography for the OWASP Top 10 (Video, PDF)
  • Patterns: Michael Coates, Security Evolution - Bug Bounty Programs for Web Applications (Video, PDF)
  • Secure SDLC: Wendy Nather (moderator), Dinis Cruz, Chris Eng, Jerry Hoff, Darren Meyer, John Steven, Sean Fay, Speeding Up Security Testing Panel (Video, PPTX)

1420-1430 BREAK

1430-1520
  • Software Assurance: Charles Schmidt, You're Not Done (Yet) - Turning Securable Apps into Secure Installations using SCAP (Video, PPTX)
  • OWASP: Beef (Chris Schmidt), Kevin Wall, ESAPI 2.0 - Defense Against the Dark Arts (Video, PPT)
  • OWASP: Jason Li, OWASP Projects Portal Launch! (5-10 minutes) (Video, PPTX)
  • Patterns: Srini Penchikala, Messaging Security using GlassFish 3.1 and Open Message Queue (Video, PDF)
  • Secure SDLC: Glenn Leifheit (moderator), Andreas Fuchsberger, Ajoy Kumar, Richard Tychansky, Alessandro Moretti, Application Security Advisory Board SDLC Panel (Video, PPTX)

1520-1540 COFFEE BREAK

1540-1630
  • Software Assurance: Michelle Moss, Nadya Bartol, Why do developers make these dangerous software errors? (Video, PPTX)
  • OWASP: Ryan Barnett, OWASP CRS and AppSensor Project (Video, Prezi [Flash])
  • Patterns: Alex Smolen, Application Security and User Experience (Video, PDF)
  • Secure SDLC: Gunnar Peterson, Mobile Web Services (Video, no slides)
    * Moved from Mobile Track for scheduling purposes

1630-1640 BREAK

1640-1730 RECAP AND LOOKING AHEAD TO THE NEXT TEN YEARS AND APPSEC USA 2012

Open Source Showcase

See the Open Source Showcase page for more information on the open source demos that ran concurrently with the conference talks.

Thursday, September 22, 2011

0920-1300
  • Booth A: Global Projects Committee
  • Booth B: ModSecurity - Open Source Web Application Firewall (Ryan Barnett)
  • Booth C: Armitage: Fast and Easy Hacking for Metasploit (Raphael Mudge)
  • Booth D: MozSecWorld (Michael Coates)
  • Booth E: w3af demos, Q&A, and code walkthrough (Andrés Riancho)

1300-1640
  • Booth A: Global Projects Committee
  • Booth B: Vega: Cross-Platform, Open Source Web Application Assessment Platform (David Mirza)
  • Booth C: Armitage: Fast and Easy Hacking for Metasploit (Raphael Mudge)
  • Booth D: OWASP Broken Web Application Project Demo (Chuck Willis)
  • Booth E: OWASP O2 Platform (Dinis Cruz)

Friday, September 23, 2011

0920-1300
  • Booth A: Global Projects Committee
  • Booth B: ModSecurity - Open Source Web Application Firewall (Ryan Barnett)
  • Booth C: Empty due to scheduling conflict
  • Booth D: Visualizing Tracking on the Web (Sid Stamm)
  • Booth E: OWASP O2 Platform (Dinis Cruz)

1300-1640
  • Booth A: Global Projects Committee
  • Booth B: Vega: Cross-Platform, Open Source Web Application Assessment Platform (David Mirza)
  • Booth C: Empty due to scheduling conflict
  • Booth D: Visualizing Tracking on the Web (Sid Stamm)
  • Booth E: JavaScript Analysis Platform (Praveen Murthy)

Promotional Consideration Provided By

  • Corporate Donors: Cargill
  • Platinum: Trustwave, Security Innovation
  • Gold: IBM, NetSPI, Veracode, Qualys, Fortify (an HP Company)
  • Silver: Cigital, Accuvant, Core Security, Radware, Imperva, WhiteHat Security, Barracuda Networks, Rapid7, Aspect Security, Fishnet Security, Intrepidus Group, NT OBJECTives
  • Additional Sponsors: F5
  • Media Partners: TECHdotMN, The 451 Group, (ISC)2, InfoSecurity