Talks of Interest - some personal notables from AppSecEU 2009

As promised, I've found some time to add a list of talks that I thought were very interesting.  I spent much of the conference helping out with various and sundry things and actually got to see very few talks while I was there.  That said, here are the talks whose videos I can't wait to see posted:

Interesting attack vectors and tools

  • The OWASP Orizon project: new static analysis in HiFi by Paolo Perego (Day 1)
  • The Bank in the Browser - Defending web infrastructures from banking malware by Giorgio Fedon (Day 1)
  • The Truth about Web Application Firewalls: What the vendors do not want you to know by Wendel Guglielmetti Henrique & Sandro Gauci (Day 1)
    • Interesting tools WAFW00F and WAFFUN - code site
  • Advanced SQL injection exploitation to operating system full control by Bernardo Damele Assumpcao Guimaraes (Day 1)
    • Author of sqlmap, which was just added to the Live CD
  • Exploiting Web 2.0 – Next Generation Vulnerabilities by Shreeraj Shah (Day 1)
  • w3af, A framework to 0wn the web by Andrés Riancho (Day 2)
  • CSRF: the nightmare becomes reality? by Lieven Desmet (Day 2)
  • I thought you were my friend Evil Markup, browser issues and other obscurities by Mario Heiderich (Day 2)
  • HTTP Parameter Pollution by Luca Carettoni & Stefano Di Paola (Day 2)
  • Business Logic Attacks: Bots and Bats by Eldad Chai (Day 2)
  • Can an accessible web application be secure? Assessment issues for security testers, developers and auditors by Colin Watson (Day 2)
    • Winner of my "unexpected security problem of the conference" award


Secure SDLC talks

  • Tracking the effectiveness of an SDL program: lessons from the gym by Cassio Goldschmidt (Day 1)
  • Threat Modeling by John Steven (Day 1)
  • Maturing Beyond Application Security Puberty by David Harper (Day 1)
  • Deploying Secure Web Applications with OWASP Resources by Kuai Hinojosa (Day 2)
  • Factoring malware and organized crime into Web application security by Gunter Ollmann (Day 2)
  • Real Time Defenses against Application Worms and Malicious Attackers by Michael Coates (Day 2)


Agile got some good play as well.  If that's something on your radar, check out these:

  • Leveraging agile to gain better security by Erlend Oftedal (Day 1)
  • Brain's hardwiring and its impact on software development and secure software by Alexandru Bolboaca & Maria Diaconu (Day 2)


Though not really presentations, the panel discussions should be pretty interesting to watch.  (Full disclosure: I was on the Day 2 panel.)