Schedule
Conference Day 1 – Thursday, July 12th, 2012
P=Presentation, D=Demo, R=Research paper
Builders (A1) | Defenders (A2) | Breakers (Auditorium)
8:45-9:30 | Registration/Coffee
9:30-10:00 | Welcome
OWASP Foundation, Where we are… Where we are Going OWASP Board
10:00-10:45 | Keynote: Software Security Goes Mobile
video | slides | Jacob West, CTO, Fortify Products, HP
10:45-11:00 | Coffee Break
11:00-11:40 | (P) Teaching an Old Dog New Tricks Securing Development with PMD
video | slides | Justin Clarke (Gotham Digital Science)
(P) OWASP Top Ten Defensive Techniques
video | slides | Jim Manico (Whitehat)
(P) Screw You and the Script You Rode in On
video | slides | David Byrne and Charles Henderson (Trustwave)
11:40-11:50 | Break
11:50-12:30 | (P) Unraveling some of the Mysteries around DOM-based XSS
video | slides | Dave Wichers (Aspect Security)
(P) Breaking is easy, preventing is hard
video | slides | Matias Madou (HP)
What Permissions Does Your Database User REALLY Need?
video | slides | Dan Cornell (Denim Group)
12:30-12:40 | Break
12:40-13:25 | Keynote: From EasySQL to CPUs
video | slides | Duncan Harris, Director of Security Assurance, Oracle
13:25-14:25 | Lunch
14:25-15:10 | Keynote: Finding Malware on a Web Scale
video | slides | Ben Livshits, Researcher, Microsoft Research
15:10-15:20 | Break
15:20-16:00 | (P) Tricolour Alphanumerical Spaghetti
video | slides | Colin Watson (Watson Hall)
(P) CISO’s Guide to Securing SharePoint
video | slides | Tsvika Klein (Imperva)
(P) I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST
video | slides | Ofer Maor (Seeker Security)
16:00-16:15 | Coffee Break
16:15-16:55 | (P) Heap Exploitation Abstraction by Example
video | slides | Patroklos Argyroudis and Chariton Karamitas (Census Inc)
Things Your Smartphone Does When Nobody’s Looking
video | slides | Chris Eng (Veracode)
(P) Achieving Sustainable Delivery of Web Application Security Virtual Laboratory Resources for Distance Learning
video | slides | Adrian Winckles and Ibrahim Jeries (Anglia Ruskin University)
16:55-17:45 | Panel - PCI Security Standards and Application Security
video | slides | Jeremy King (PCI Council)
20:00 | Cocktail
Conference Day 2 – Friday, July 13th, 2012
Builders (A1) | Defenders (A2) | Breakers (Auditorium)
8:15-9:00 | Registration/Coffee
9:00-9:10 | Announcements
9:10-9:55 | Keynote: A Decade of Software Security: From the Bug Parade to the BSIMM
video | slides | Gary McGraw, CTO, Cigital
9:55-10:05 | Break
10:05-10:45 | (D) Development of Security Framework based on OWASP ESAPI for JSF2.0
video | slides | Kachhadiya Rakeshkumar and Benoist Emmanuel (Albert Ludwigs Universität Freiburg and Berne University of Applied Sciences)
(D) Benchmarking Web Application Scanners for YOUR Organization
video | slides | Dan Cornell (Denim Group)
(D) The “cree.py” side of geolocation. Weaponizing your checkins
video | slides | Ioannis Kakavas (IT Advisor)
10:45-11:00 | Coffee Break
11:00-11:40 | (D) Making Security Invisible by Becoming the Developer’s Best Friends
video | slides | Dinis Cruz (Security Innovation)
(P) Data Mining a Mountain of Zero Day Vulnerabilities
video | slides | Chris Eng (Veracode)
(P) Anticipating Surprise – Fundamentals of Intelligence Gathering
video | slides | Fred Donovan (Attack Logic)
11:40-11:50 | Break
11:50-12:35 | Keynote: Fatal Injection (and what you can do about it)
video | slides | Diomidis Spinellis, Professor, Athens University of Economics and Business
12:35-13:10 | Keynote: Everything you know about Injection Attack is wrong
video | slides | Pravir Chandra (Bloomberg)
13:10-13:50 | Lunch
13:50-14:30 | (P) Real World Threat Modeling via the PASTA Methodology
video | slides | Tony Ucedavelez (VerSprite)
(P) Can Correlations Secure Web Application?
video | slides | Ofer Shezaf (HP)
(D) BDD for Automating Web Application Testing
video | slides | Stephen De Vries (Continuum Security)
14:30-14:40 | Break
14:40-15:20 | (P) AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life
video | slides | Jerry Hoff (Whitehat)
(D) Using Hash-based Message Authentication Code Protocol to Reduce Web Application Attack Surface
video | slides | Breno Pinto and Luiz Eduardo Santos (Trustwave)
(D) Advanced CSRF and Stateless Anti-CSRF
video | slides | John Wilander (Svenska Handelsbanken and Linköpings universitet)
15:20-15:30 | Break
15:30-16:10 | (P) Anatomy of a Logic Flaw: Breaking the Myth
video | slides | Charles Henderson (Trustwave)
(P) 2012 Global Security Report
video | slides | Tom Brennan (Trustwave)
(P) The Invisible Threat – MitB (Man in the Browser)
video | slides | Uri Fleyder (RSA Security)
16:10-16:20 | Break
16:20-17:00 | Keynote: Jackpotting Mobile Apps
video | slides | Christian Papathanasiou
17:00-17:15 | Closing ceremony
17:45-20:30 | Visit to the Acropolis Museum