Conference Day 1 – Thursday, July 12th, 2012

P=Presentation, D=Demo, R=Research paper
Tracks: Builders (A1), Defenders (A2), Breakers (Auditorium)

8:45-9:30    Registration/Coffee

9:30-10:00   Welcome
             OWASP Foundation, Where we are… Where we are Going

10:00-10:45  Keynote: Software Security Goes Mobile
             Jacob West, CTO, Fortify Products, HP [video | slides]

10:45-11:00  Coffee Break

11:00-11:40
  Builders (A1):         (P) Teaching an Old Dog New Tricks: Securing Development with PMD
                         Justin Clarke (Gotham Digital Science) [video | slides]
  Defenders (A2):        (P) OWASP Top Ten Defensive Techniques
                         Jim Manico [video | slides]
  Breakers (Auditorium): (P) Screw You and the Script You Rode in On
                         David Byrne and Charles Henderson [video | slides]

11:40-11:50  Break

11:50-12:30
  Builders (A1):         (P) Unraveling some of the Mysteries around DOM-based XSS
                         Dave Wichers (Aspect Security) [video | slides]
  Defenders (A2):        (P) Breaking is easy, preventing is hard
                         Matias Madou [video | slides]
  Breakers (Auditorium): What Permissions Does Your Database User REALLY Need?
                         Dan Cornell (Denim Group) [video | slides]

12:30-12:40  Break

12:40-13:25  Keynote: From EasySQL to CPUs
             Duncan Harris, Director of Security Assurance, Oracle [video | slides]

13:25-14:25  Lunch

14:25-15:10  Keynote: Finding Malware on a Web Scale
             Ben Livshits, Researcher, Microsoft Research [video | slides]

15:10-15:20  Break

15:20-16:00
  Builders (A1):         (P) Tricolour Alphanumerical Spaghetti
                         Colin Watson (Watson Hall) [video | slides]
  Defenders (A2):        (P) CISO's Guide to Securing SharePoint
                         Tsvika Klein [video | slides]
  Breakers (Auditorium): (P) I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST
                         Ofer Maor (Seeker Security) [video | slides]

16:00-16:15  Coffee Break

16:15-16:55
  Builders (A1):         (P) Heap Exploitation Abstraction by Example
                         Patroklos Argyroudis and Chariton Karamitas (Census Inc) [video | slides]
  Defenders (A2):        Things Your Smartphone Does When Nobody's Looking
                         Chris Eng [video | slides]
  Breakers (Auditorium): (P) Achieving Sustainable Delivery of Web Application Security Virtual Laboratory Resources for Distance Learning
                         Adrian Winckles and Ibrahim Jeries (Anglia Ruskin University) [video | slides]

16:55-17:45  Panel - PCI Security Standards and Application Security
             Jeremy King (PCI Council) [video | slides]

20:00        Cocktail

Conference Day 2 – Friday, July 13th, 2012

Tracks: Builders (A1), Defenders (A2), Breakers (Auditorium)

8:15-9:00    Registration/Coffee

9:00-9:10    Announcements

9:10-9:55    Keynote: A Decade of Software Security: From the Bug Parade to the BSIMM
             Gary McGraw, CTO, Cigital [video | slides]

9:55-10:05   Break

10:05-10:45
  Builders (A1):         (D) Development of Security Framework based on OWASP ESAPI for JSF2.0
                         Kachhadiya Rakeshkumar and Benoist Emmanuel (Albert Ludwigs Universität Freiburg and Berne University of Applied Sciences) [video | slides]
  Defenders (A2):        (D) Benchmarking Web Application Scanners for YOUR Organization
                         Dan Cornell (Denim Group) [video | slides]
  Breakers (Auditorium): (D) The “” side of geolocation. Weaponizing your checkins
                         Ioannis Kakavas (IT Advisor) [video | slides]

10:45-11:00  Coffee Break

11:00-11:40
  Builders (A1):         (D) Making Security Invisible by Becoming the Developer's Best Friends
                         Dinis Cruz (Security Innovation) [video | slides]
  Defenders (A2):        (P) Data Mining a Mountain of Zero Day Vulnerabilities
                         Chris Eng [video | slides]
  Breakers (Auditorium): (P) Anticipating Surprise – Fundamentals of Intelligence Gathering
                         Fred Donovan (Attack Logic) [video | slides]

11:40-11:50  Break

11:50-12:35  Keynote: Fatal Injection (and what you can do about it)
             Diomidis Spinellis, Professor, Athens University of Economics and Business [video | slides]

12:35-13:10  Keynote: Everything you know about Injection Attack is wrong
             Pravir Chandra (Bloomberg) [video | slides]

13:10-13:50  Lunch

13:50-14:30
  Builders (A1):         (P) Real World Threat Modeling via the PASTA Methodology
                         Tony Ucedavelez [video | slides]
  Defenders (A2):        (P) Can Correlations Secure Web Application?
                         Ofer Shezaf [video | slides]
  Breakers (Auditorium): (D) BDD for Automating Web Application Testing
                         Stephen De Vries (Continuum Security) [video | slides]

14:30-14:40  Break

14:40-15:20
  Builders (A1):         (P) AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life
                         Jerry Hoff [video | slides]
  Defenders (A2):        (D) Using Hash-based Message Authentication Code Protocol to Reduce Web Application Attack Surface
                         Breno Pinto and Luiz Eduardo Santos [video | slides]
  Breakers (Auditorium): (D) Advanced CSRF and Stateless Anti-CSRF
                         John Wilander (Svenska Handelbanken and Linköpings universitet) [video | slides]

15:20-15:30  Break

15:30-16:10
  Builders (A1):         (P) Anatomy of a Logic Flaw: Breaking the Myth
                         Charles Henderson [video | slides]
  Defenders (A2):        (P) 2012 Global Security Report
                         Tom Brennan [video | slides]
  Breakers (Auditorium): (P) The Invisible Threat – MitB (Man in the Browser)
                         Uri Fleyder (RSA Security) [video | slides]

16:10-16:20  Break

16:20-17:00  Keynote: Jackpotting Mobile Apps
             Christian Papathanasiou [video | slides]

17:00-17:15  Closing ceremony

17:45-20:30  Visit to the Acropolis Museum