Presentations
NOVEMBER 20 • WEDNESDAY
8:30AM – 8:50AM Welcome to OWASP AppSecUSA – Updates
Speakers: Tom Brennan, Peter Dean, Israel Bryski
9:00AM – 9:50AM Keynote: Computer and Network Security: I Think We Can Win!
Speakers: William Cheswick
10:00AM – 10:50AM Hardening Windows 8 apps for the Windows Store
Speakers: Bill Sempf
10:00AM – 10:50AM The Perilous Future of Browser Security
Speakers: Robert Hansen
10:00AM – 10:50AM Automation Domination
Speakers: Brandon Spruth
10:00AM – 10:50AM How To Stand Up an AppSec Program – Lessons from the Trenches
Speakers: Joe Friedman
10:00AM – 10:50AM PANEL: Aim-Ready-Fire
Moderator: Wendy Nather
Speakers: Ajoy Kumar, Pravir Chandra, Suprotik Ghose, Jason Rothhaupt, Ramin Safai, Sean Barnum
10:00AM – 10:50AM Project Talk: Project Leader Workshop
Speakers: Samantha Groves
11:00AM – 11:50AM From the Trenches: Real-World Agile SDLC
Speakers: Chris Eng
11:00AM – 11:50AM Securing Cyber-Physical Application Software
Speakers: Warren Axelrod
11:00AM – 11:50AM Why is SCADA Security an Uphill Battle?
Speakers: Amol Sarwate
11:00AM – 11:50AM Computer Crime Laws
Speakers: Tor Ekeland, Attorney
11:00AM – 11:50AM Can AppSec Training Really Make a Smarter Developer?
Speakers: John Dickson
11:00AM – 11:50AM Project Talk: OWASP Enterprise Security API Project
Speakers: Chris Schmidt, Kevin Wall
12:00PM – 12:50PM All the network is a stage, and the APKs merely players: Scripting Android Applications
Speakers: Daniel Peck
12:00PM – 12:50PM BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors
Speakers: Jason Haddix, Dawn Isabel
12:00PM – 12:50PM Case Study: 10 Steps to Agile Development without Compromising Enterprise Security
Speakers: Yair Rovek
12:00PM – 12:50PM Build but don’t break: Lessons in Implementing HTTP Security Headers
Speakers: Kenneth Lee
12:00PM – 12:50PM The Cavalry Is Us: Protecting the public good
Speakers: Josh Corman, Nicholas J. Percoco
1:00PM – 1:50PM Mantra OS: Because The World is Cruel
Speakers: Greg Disney-Leugers
1:00PM – 1:50PM Open Mic – Birds of a Feather –> Cavalry
Speakers: Josh Corman, Nicholas J. Percoco
1:00PM – 1:50PM HTML5: Risky Business or Hidden Security Tool Chest?
Speakers: Johannes Ullrich
1:00PM – 1:50PM A Framework for Android Security through Automation in Virtual Environments
Speakers: Parth Patel
1:00PM – 1:50PM 2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs
Speakers: Marco Morana, Tobias Gondrom
1:00PM – 1:50PM PANEL: Privacy or Security: Can We Have Both?
Moderator: Jeff Fox
Speakers: Jim Manico, James Elste, Jack Radigan, Amy Neustein, Joseph Concannon, Steven Rambam
1:00PM – 1:50PM Project Talk: OWASP OpenSAMM Project
Speakers: Seba Deleersnyder, Pravir Chandra
2:00PM – 2:50PM Javascript libraries (in)security: A showcase of reckless uses and unwitting misuses
Speakers: Stefano Di Paola
2:00PM – 2:50PM Revenge of the Geeks: Hacking Fantasy Sports Sites
Speakers: Dan Kuykendall
2:00PM – 2:50PM What You Didn’t Know About XML External Entities Attacks
Speakers: Timothy Morgan
2:00PM – 2:50PM Open Mic: Making the CWE Approachable for AppSec Newcomers
Speakers: Hassan Radwan
2:00PM – 2:50PM “What Could Possibly Go Wrong?” – Thinking Differently About Security
Speakers: Mary Ann Davidson
2:00PM – 2:50PM PANEL: Cybersecurity and Media: All the News That’s Fit to Protect?
Moderator: Dylan Tweney
Speakers: Rajiv Pant, Gordon Platt, Space Rogue, Michael Carbone, Nico Sell
2:00PM – 2:50PM Project Talk: The OWASP Education Projects
Speakers: Konstantinos Papapanagiotou, Martin Knobloch
3:00PM – 3:50PM Advanced Mobile Application Code Review Techniques
Speakers: sreenarayan a
3:00PM – 3:50PM OWASP Zed Attack Proxy
Speakers: Simon Bennetts
3:00PM – 3:50PM Open Mic: FERPAcolypse NOW! – Lessons Learned from an inBloom Assessment
Speakers: Mark Major
3:00PM – 3:50PM Pushing CSP to PROD: Case Study of a Real-World Content-Security Policy Implementation
Speakers: Brian Holyfield, Erik Larsson
3:00PM – 3:50PM Making the Future Secure with Java
Speakers: Milton Smith
3:00PM – 3:50PM PANEL: Mobile Security 2.0: Beyond BYOD
Moderator: Stephen Wellman
Speakers: Devindra Hardawar, Daniel Miessler, Jason Rouse
3:00PM – 3:50PM Project Talk: OWASP AppSensor Project
Speakers: John Melton, Dennis Groves
4:00PM – 4:50PM OWASP Top Ten Proactive Controls
Speakers: Jim Manico
4:00PM – 4:50PM Open Mic: Struts Ognl – Vulnerabilities Discovery and Remediation
Speakers: Eric Kobrin
4:00PM – 4:50PM Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud)
Speakers: Ory Segal, Tsvika Klein
4:00PM – 4:50PM Forensic Investigations of Web Exploitations
Speakers: Ondrej Krehel
4:00PM – 4:50PM Sandboxing JavaScript via Libraries and Wrappers
Speakers: Phu Phung
4:00PM – 4:50PM Tagging Your Code with a Useful Assurance Label
Speakers: Robert Martin, Sean Barnum
NOVEMBER 21 • THURSDAY
9:00AM – 9:50AM ‘) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniques’)%00
Speakers: Roberto Salgado
9:00AM – 9:50AM Defeating XSS and XSRF using JSF Based Frameworks
Speakers: Steve Wolf
9:00AM – 9:50AM Contain Yourself: Building Secure Containers for Mobile Devices
Speakers: Ronald Gutierrez
9:00AM – 9:50AM Mobile app analysis with Santoku Linux
Speakers: Hoog Andrew
9:00AM – 9:50AM AppSec at DevOps Speed and Portfolio Scale
Speakers: Jeff Williams
9:00AM – 10:00AM OWN THE CON: How we organized AppSecUSA – come learn how you can do it too
Speakers: Tom Brennan, Sarah Baso, Peter Dean, Israel Bryski
10:00AM – 10:50AM Open Mic: OpenStack Swift – Cloud Security
Speakers: Rodney Beede
10:00AM – 10:50AM iOS Application Defense – iMAS
Speakers: Gregg Ganley
10:00AM – 10:50AM PiOSoned POS – A Case Study in iOS based Mobile Point-of-Sale gone wrong
Speakers: Mike Park
10:00AM – 10:50AM Accidental Abyss: Data Leakage on The Internet
Speakers: Kelly FitzGerald
10:00AM – 10:50AM Leveraging OWASP in Open Source Projects – CAS AppSec Working Group
Speakers: Bill Thompson, Aaron Weaver, David Ohsie
10:00AM – 11:50AM Project Talk and Training: OWASP O2 Platform
Speakers: Dinis Cruz
11:00AM – 11:50AM OWASP Hackademic: a practical environment for teaching application security
Speakers: Konstantinos Papapanagiotou
11:00AM – 11:50AM An Introduction to the Newest Addition to the OWASP Top 10. Experts Break Down the New Guideline and Offer Guidance on Good Component Practice
Speakers: Ryan Berg
11:00AM – 11:50AM Verify your software for security bugs
Speakers: Simon Roses Femerling
11:00AM – 11:50AM Open Mic: Password Breaches – Why They Impact Your App Security When Other WebApps Are Breached
Speakers: Michael Coates
11:00AM – 11:50AM The State Of Website Security And The Truth About Accountability and “Best-Practices”, Full Report
Speakers: Jeremiah Grossman
12:00PM – 12:50PM Open Mic: What Makes OWASP Japan Special
Speakers: Riotaro OKADA
12:00PM – 12:50PM Insecure Expectations
Speakers: Matt Konda
12:00PM – 12:50PM OWASP Periodic Table of Vulnerabilities
Speakers: James Landis
12:00PM – 12:50PM Application Security: Everything we know is wrong
Speakers: Eoin Keary
12:00PM – 12:50PM PANEL: Women in Information Security: Who Are We? Where Are We Going?
Moderator: Joan Goodchild
Speakers: Dawn-Marie Hutchinson, Valene Skerpac, Carrie Schaper, Gary Phillips
12:00PM – 12:50PM Project Talk: OWASP Testing Guide
Speakers: Andrew Mueller, Matteo Meucci
1:00PM – 1:50PM Hack.me: a new way to learn web application security
Speakers: Armando Romeo
1:00PM – 1:50PM Hacking Web Server Apps for iOS
Speakers: Bruno Oliviera
1:00PM – 1:50PM Open Mic: Vision of the Software Assurance Market (SWAMP)
1:00PM – 1:50PM NIST – Missions and impacts to US industry, economy and citizens
Speakers: James St. Pierre, Rick Kuhn
1:00PM – 1:50PM PANEL: Wait Wait… Don’t Pwn Me!
Moderator: Mark Miller
Speakers: Josh Corman, Chris Eng, Space Rogue, Gal Shpantzer
1:00PM – 1:50PM Project Talk: OWASP Development Guide
Speakers: Andrew van der Stock
2:00PM – 2:50PM Buried by time, dust and BeEF
Speakers: Michele Orru
2:00PM – 2:50PM Go Fast AND Be Secure: Eliminating Application Risk in the Era of Modern, Component-Based Development
Speakers: Jeff Williams, Ryan Berg
2:00PM – 2:50PM Modern Attacks on SSL/TLS: Let the BEAST of CRIME and TIME be not so LUCKY
Speakers: Pratik Guha Sarkar, Shawn Fitzgerald
2:00PM – 2:50PM OWASP Broken Web Applications (OWASP BWA): Beyond 1.0
Speakers: Chuck Willis
2:00PM – 2:50PM Open Mic: Practical Cyber Threat Intelligence with STIX
Speakers: Sean Barnum
2:00PM – 2:50PM Project Talk: OWASP Security Principles Project
Speakers: Dennis Groves
3:00PM – 3:30PM Open Mic: About OWASP
Speakers: Sarah Baso, Michael Coates
3:00PM – 3:50PM HTTP Time Bandit
Speakers: Vaagn Toukharian
3:00PM – 3:50PM Wassup MOM? Owning the Message Oriented Middleware
Speakers: Gursev Singh Kalra
3:00PM – 3:50PM The 2013 OWASP Top 10
Speakers: Dave Wichers
3:00PM – 3:50PM CSRF not all defenses are created equal
Speakers: Ari Elias-Bachrach
3:00PM – 3:50PM Project Talk: OWASP Code Review Guide
Speakers: Larry Conklin
3:30PM – 4:00PM Bug Bounty – Group Hack
Speakers: Tom Brennan, Casey Ellis
4:00PM – 5:00PM Award Ceremony
Speakers: Tom Brennan, Peter Dean