schedule

Schedule

Wednesday, April 4, 2012
7:30AM – 8:50AM Registration
8:50AM – 9:00AM Welcome and Opening Remarks
9:00AM – 10:00AM Keynote: Dan Geer
10:00AM – 10:45AM OWASP Board
10:45AM – 11:00AM Coffee Break

 

Offense & ToolsRoom 201 Case StudiesRoom 202A IoMTRoom 202B Interrogate!Room 206
11:00AM – 11:50AM DOMJacking – Attack, Exploit and DefenseShreeraj Shah The Unfortunate Reality of Insecure LibrariesJeff Williams and Arshan Dabirsiaghi Python Basics for Web App Pentesters – Part 2Justin Searle Integrating Application Security into your Lifecycle and
ProcurementJim Manico
11:50AM – 12:00PM Coffee Break
12:00PM – 12:50PM Attacking CAPTCHAs for Fun and ProfitGursev Singh Kalra Case Study: How New Software Assurance Policy Reduces Risk
and CostsRob Roy and John Keane		 Security is Dead. Long Live Rugged DevOps: IT at Ludicrous
SpeedJoshua Corman
12:50PM – 2:30PM No-Host Lunch
2:30PM – 3:20PM Hacking .NET(C#) Applications: The Black ArtsJon McCoy Security at scale: Web application security in a continuous
deployment environmentZane Lackey		 The “Easy” Button for Your Web Application Security CareerSalvador Grec Risk Analysis and Measurement with CWRAFJoe Jarzombek, Bob Martin, Walter Houser and Tom Brennan
3:20PM – 3:30PM Coffee Break
3:30PM – 4:20PM OWASP Broken Web Applications (OWASP BWA) 1.0 ReleaseChuck Willis Security Is Like An Onion, That’s Why It Makes You CryMichele Chubirka Anatomy of a Logic FlawCharles Henderson and David Byrne
4:20PM – 4:30PM Coffee Break
4:30PM – 5:20PM New and Improved Hacking Oracle from WebSumit Siddharth State of Web SecurityRobert Rowley Old Webshells, New Tricks — How Persistent Threats have
revived an old idea, and how you can detect them.Ryan Kazanciyan		 Fed Panel
5:20PM – 5:30PM Coffee Break
5:30PM – 6:20PM Unraveling some of the Mysteries around DOM-based XSSDave Wichers 2012 Global Security ReportTom Brennan and Nick Percoco Survivable Software for Cyber-Physical SystemsKaren Mercedes Goertzel
6:20PM Networking Opportunity sponsored by

 

Thursday, April 5, 2012
Critical InfrastructureRoom 201 Defend!Room 202A On the GoRoom 202B SDLCRoom 206
7:30AM-9:00AM Registration
9:00AM- 9:50AM Pentesting Smart Grid Web AppsJustin Searle Friends don’t let friends store passwords in source code Neil Matatall Smart Bombs: Mobile Vulnerability and ExploitationKevin Johnson, John Sawyer and Tom Eston Overcoming the Quality vs. Quantity Problem in Software
Security TestingRafal Los
Web Application Defense with Bayesian Attack Analysis Ryan Barnett
9:50AM – 10:00AM Coffee Break
10:00AM- 10:50AM Vulnerabilities in Industrial Control SystemsICS-CERT Access ControlJim Manico Software Security Goes MobileJacob West Baking In Security, Sweet, Secure, CupcakesKen Johnson and Matt Ahrens
10:50AM-11:00AM Coffee Break
11:00AM- 11:50AM AMI SecurityJohn Sawyer and Don Weber SharePoint Security 101Rob Rachwald Behind Enemy Lines – Practical& Triage Approaches to Mobile
Security Abroad – 2012 EditionJustin Morehouse		 Understanding IAST – More Context, Better AnalysisJeff Williams
11:50AM- 1:30PM No-Host Lunch
1:30PM- 2:20PM Project Basecamp: News from Camp 4Reid Wightman Enterprise Security API (ESAPI) for C Plus PlusDan Amodio Whack-a-Mobile II: Mobile App Pen Testing with the MobiSec
Live EnvironmentKevin Johnson and Tony Delagrange		 Proactive risk mitigation within the Software Development Lifecycle (SDLC)
Joe White
2:30PM – 2:30PM Coffee Break
2:30PM- 3:20PM Real world backdoors on industrial devicesRuben Santamarta Dynamic DAST/WAF IntegrationRyan Barnett An In-Depth Introduction to the Android Permissions Model,
and How to Secure Multi-Component ApplicationsJeff Six		 Teaching an Old Dog New Tricks: Securing Development with
PMDJoe Hemler
3:20PM- 3:30PM Coffee Break
3:30PM- 4:20PM Denial of Surface.Eireann Leverett Cloud-based dWAF: A Real World Deployment Case StudyAlexander Meisel Android in the Healthcare Workplace A Case StudyThomas Richards What can an Acquirer do to prevent developers from make
dangerous software errors?Michele Moss and Don Davidson
4:20PM- 4:30PM Coffee Break
4:30PM- 5:20PM Securing Critical InfrastructureFrancis Cianfrocca Using PHPIDS to Understand Attacks TrendsSalvador Grec Mobile Application Security – Who, how and whyMike Park and Charles Henderson Private information Protection in Cloud Computing _ Laws,
Compliance and Cloud Security MisconceptionsMikhail Utin and Daniil Utin
5:20PM Closing Remarks