
Talks

Title Humans
Friday the 13th: Attacking JSON Oleksandr Mirosh, Alvaro Muñoz, HPE
Overcoming Mobile App Security Challenges with DevOps NowSecure
Making Vulnerability Management Less Painful with OWASP DefectDojo Greg Anderson
Bug Bounty Programs: Successfully Controlling Complexity and Perpetual Temptation
iGoat – A Self Learning Tool for iOS App Pentesting and Security
How to stop worrying about application Container security
Leveraging Blockchain for Identity and Authentication in IoT is good for Security
Where we’re going… we won’t need passwords… Michael Stewart, USAA
Securing C code that seems to work just fine Fastly
Leveraging the ASVS in the Secure SDLC
Application Security “Built from Scratch”
An Agile Framework for Building GDPR Privacy and Data Protection Requirements into SDLC Security Compass
Monitoring Application Attack Surface and Integrating Security into DevOps Pipelines
Androsia: A tool for securing in memory sensitive data Samit Anwer
Handling of Security Requirements in Software Development Lifecycle
Core Rule Set for the Masses
Building a Secure DevOps Pipeline
WAFs FTW! A modern devops approach to security testing your WAF Zack Allen, ZeroFOX
Automating TLS Configuration Verification on the Back-End of the Web Application Stack Steven Danneman, Security Innovation
Common Developer Crypto Mistakes (with illustrations in Java)
Practical Dynamic Application Security Testing within an Enterprise Verizon
When Molehill Vulnerabilities Become Mountainous Exploits Checkmarx
Juggling the Elephants – Making AppSec a Continuous Program Aspect Security
Beyond Takeover – Attacker’s in. Now what? Itsik Mantin, Imperva
DevSecOps is real - What we learned by matching our appsec testing to our continuous release cycles
What We Learned Remediating XSS in GitHub Open Source Projects
Supply Chain Anarchy – Trojaned Binaries in the Java Ecosystem Contrast Security
Beyond End-to-End Encryption: Threats Models For Secure Messaging
SPLC as a Service Adobe Systems, Inc.
Popular Approaches to Preventing Code Injection Attacks are Dangerously Wrong Waratek
Cookie Security – Myths and Misconceptions Synopsys
HUNT: Data Driven Web Hacking & Manual Testing Bugcrowd
Moving Fast and Securing Things
Top 10 Security Best Practices to secure your Microservices
DASTProxy: Don’t let your automated security testing program stall on crawl. Instead focus on business context.
Crafting the next-generation Man-in-the-Browser Trojan
R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections
KeyNote - Discussion on Application Security: John Steven and Jim Manico will be discussing application security from a unique perspective. Synopsys
Passive Fingerprinting of HTTP/2 Clients Elad Shuster, Akamai
How to detect CSRF vulnerability, reliably?
An Overview of API Underprotection
“Capture the Flag” for Developers: Upping your Training Game Aspect Security
Embedding GDPR into the SDLC Steven Wierckx
NoSQL Is Not NoVulnerable
Test Driven Security in the DevOps pipeline Julien Vehent, Mozilla
There’s a new sheriff in town; dynamic security group recommendations with Grouper and Dredge Netflix
A Static Tainting Analysis Method for Aspect-Oriented Programs
ReproNow: Save time Reproducing and Triaging Security bugs Salesforce
Black-Box Approximate Taint Tracking by Utilizing Data Partitioning
This Old App, a guide to renovating apps for the cloud
Building Secure ASP.NET Core MVC Applications CA Veracode
How To Approach InfoSec Like a Fed(eral Auditor) Aspect Security
Measuring End-to-End Security Engineering
An Investigation into the Differences Between Web Application Scanning Tools when Scanning for XSS and SQLi
Federated Login CSRF Microsoft Corporation
KeyNote - Runa A. Sandvik: Building a Culture of Security at The New York Times
KeyNote - Tony UcedaVelez: Fixing Broken Enterprise Threat Models w/ OWASP Measures: Commissioning AppSec Professionals for Real Change
Enhancing Physical Perimeter Defense Using SDR