OWASP

The Open Web Application Security Project (OWASP) is an



728
RESULTS


AppSec California 2015 - Day 1, Track 2, Slot 5 Title Anatomy of memory scraping, credit card stealing POS malware Abstract Credit card payment processing and point-of-sale (POS) systems are like a black box for most people without knowledge of its internal workings. But recent data breaches of thousands of credit cards have shown that determined attackers have not only mastered ways to steal magnetic stripe cards, but also targeted EMV chip cards. The session will start by explaining the...
Topics: Youtube, video, Science & Technology, web application, webapps, appsec california 2015,...
Recorded at AppSecUSA 2015 in San Francisco https://2015.appsecusa.org/ Cipher Text Says “MIID8zCCAtugAwIBAgIBAT” - Enterprise-wide SSL Automation w/Lemur + CloudCA Contact - Kevin Glisson, Netflix, kglisson@netflix.com Abstract At Netflix Security we try our best to enable developers by removing roadblocks and providing systems with “sane” defaults that keep everyone from shooting themselves in the foot. When dealing with SSL, avoiding shooting yourself in the foot is particularly important;...
Topics: Youtube, video, Science & Technology, owasp, appsec, netflix, lemur, appsecusa
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 10:30am - 11:15am Use After Free Exploitation Use After Free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. This presentation will first define the Use After Free vulnerability class, and then dive deep into detecting the bug in a debugger and weaponizing it into a...
Topics: Youtube, video, Science & Technology, owasp, appsec, Stephen Sims
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Luca De Fulgentis Windows Phone App Security For Builders And Breakers You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=m_hEBmNtUbg Uploader: OWASP
Topics: Youtube, video, Entertainment
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Helen McLaughlin Can Saas Ever Be Secure? You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=8kYENtyGdGk Uploader: OWASP
Topics: Youtube, video, Entertainment
by Jonathan Marcil, Application Security Engineer at Twitch Abstract: Threat Modeling is a great way to analyze security early in software development by structuring possible attacks, bad actors and countermeasures over a broad view of the targeted system. This talk will describe basic components of a threat model and how to use them effectively. Modeling concepts will be demonstrated using a cryptocurrency ecosystem as example. by Jonathan Marcil, Application Security Engineer of Twitch...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Jonathan Marcil
Jeremiah Grossman Founder WhiteHat Security Jeremiah Grossman is the founder of WhiteHat Security. Jeremiah possesses a unique combination of technology savvy, customer advocacy and personal passion for application security. A world-renowned web security expert, sought-after speaker and influential blogger, Jeremiah brings a literal lifetime of information security experience, both homegrown and from his days as Yahoo!’s information security engineer, to the role. The ultimate “WhiteHat,”...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=EPp5rCdXwm0 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Even though modern mobile operating systems like iOS and Android offer great APIs for secure data storage and communication, those APIs have to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration. The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual for testing the security of mobile apps. It describes processes...
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2016 in Washington, DC https://2016.appsecusa.org/ Containerizing your Security Operations Center As security professionals, we have no shortage of tools available to us in our offensive and defensive pursuits. How we choose to deploy, maintain, and share these tools across teams can prove to be burdensome and overly complex. Security teams are becoming swept up in the DevOps movement and we are being encouraged to bring visibility into our workflows and toolsets. This...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
OWASP AppSec EU 2018 Hacker Track - Day 2, talk 4 Browsers are embedded everywhere, from popular applications like Steam and Spotify to headless crawlers, IoT devices and games consoles. They execute JavaScript but you don't have a dev console and some don't even allow you to interact with them. Many add custom JavaScript objects and functions but how can you discover all this hidden treasure without any dev tools? My talk introduces a new tool for your arsenal that allows you to inspect and...
Topics: Youtube, video, Science & Technology, owasp, appsec
Case Study: 10 Steps to Agile Development without Compromising Enterprise Security - Yair Rovek In an Agile, fast paced environment with frequent product releases, security code reviews & testing is usually considered a delaying factor that conflicts with success. Is it possible to keep up with the high-end demands of continuous integration and deployment without abandoning security best practices? We started our journey seeking a way to reduce friction, risk and cost driven from...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
Abstract: Building on the Bug Hunter's Methodology 1.0 given at Defcon 23, 2.0 brings the newest testing techniques, tools, and vulnerability data to penetration testers and security folk. Dive into new-school advents in discovery, XSS, server-side template injection, server-side request forgery, Code injection (SQLi, PHP, ++), XXE, robbing misconfigured infrastructure, CI, Code repositories, and more! Jason Haddix Bugcrowd Head of Trust and Security Jason is the Director of Technical...
Topics: Youtube, video, Science & Technology, owasp, appsec, apsec cali 2018, Jason Haddix
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Gaps in the enforcement of access control policy of a software system can lead to privilege escalation, allowing unauthorized access to sensitive resources and operations. We describe a novel technique to automatically detect missing and inconsistent authorization checks in web applications with static analysis and conclude with empirical results of using our approach on real-world applications. The concept of granting different users...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Aaron Weaver Building An AppSec Pipeline: Keeping Your Program, And Your Life, Sane You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=1CDSOSl4DQU Uploader: OWASP
Topics: Youtube, video, Entertainment
Many of the talks at security conferences these days involve the launch of a new security automation framework. Each of these tools has different goals and technologies that meet its organization's needs. When it comes to your organization, how will you decide whether to build, buy, or borrow? Are there better criteria than just technology stack compatibility? What qualities make a good design for your environment? Where do you deploy? Which open-source tools work best? How do you ensure...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=eChViaOVAKo Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
A Secure Product Lifecycle (SPLC) is integral in ensuring software is written with security in mind, but companies struggle to create a successful process with limited security resources and minimal impact to engineering teams. This session will discuss lessons learned, soup-to-nuts, through the process of designing, rolling out, and measuring a scalable SPLC. In Adobe’s Digital Marketing business unit, two security analysts created a successful program that has scaled to support thousands of...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Maty Siman The Node.js Highway: Attacks Are At Full Throttle You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=DsJm404Nrvg Uploader: OWASP
Topics: Youtube, video, Entertainment
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=dPUpTXwtu98 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
As organizations scale, it can become increasingly difficult for a small security team to process the large volumes of alerts. In addition, the employee who triggered the alert frequently has the most context as to what transpired. At our organization, we use a Slack bot to engage employees after suspicious activity. Involving employees has the dual benefit of raising company-wide security awareness and lightening the load on our security team. Employees also give us valuable insight into why...
Topics: Youtube, video, Science & Technology, owasp, appsec
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. 'Pushing left' refers to starting security earlier in the SDLC; addressing the problem throughout the process, and specifically during the development phase. From scanning your code with a vulnerability scanner to red team exercises, developer education programs and bug bounties, this talk will show...
Topics: Youtube, video, Science & Technology, owasp, appsec
Developers need prescriptive guidance on preemptive design and coding techniques. This can be done blindly or in alignment with both application use cases and the context of abuse cases or threats. This talk will speak to case studies in risk centric threat modeling using the PASTA (Process for Attack Simulation & Threat Analysis) methodology and provide 3 use cases of IoT, E-Commerce, and Mobile Applications. This talk will assume that a basic understanding of data flow diagramming, pen...
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2016 in Washington, DC https://2016.appsecusa.org/ The talk will generalize the recent spate of deserialization attacks, including a brief discussion of an originally authored exploit for a recently discovered CVE. The commonalities between deserialization attacks will then be discussed, laying the framework for a "how to" guide on finding and exploiting deserialization vulnerabilities. The talk will also explain the incredible difficulty faced when using...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
Configuration management tools such as Puppet or Chef have become increasingly popular as many organizations shifted towards a Software Defined Infrastructure (SDI). These tools allow system administrators to express the infrastructure in source code once and deploy it multiple times. While configuration management tools offer many advantages in terms of a single point of maintenance, (security) testing and the ability to perform security audits, they are also an attractive target for...
Topics: Youtube, video, Science & Technology, owasp, appsec
Continuous security: Bringing agility to the secure development lifecycle Rod Cope Rogue Wave Software CTO Website: roguewave.com Rod Cope, CTO, drives the technology vision for Rogue Wave Software. Rod was the founder and CTO of OpenLogic, a profitable venture-backed company, and has over 20 years of experience in software development spanning telecommunications, aerospace, healthcare, and manufacturing. Working at IBM, IBM Global Services, General Electric, and for the CTO of Anthem, Rod has led...
Topics: Youtube, video, Science & Technology, owasp, appsec
(Audio only) Wassup MOM? Owning the Message Oriented Middleware - Gursev Singh Kalra Message Oriented Middleware (MOM) allows disparate applications to communicate with each other by exchanging information in the form of messages. A MOM and its clients create an enterprise messaging application that forms the transactional backbone of several large organizations worldwide. Security is therefore an important aspect of these applications. This research analyzes enterprise messaging security from...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=0qu9oFaHuY0 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
ReproNow: Save time Reproducing and Triaging Security bugs Crowdsourced security, aka Bug Bounty Programs, is adopted by almost all companies today: big, small, mid size. While companies reap a lot of benefits, the challenge is to have a security engineer (or engineers) reproduce each of the bugs, understand the replication method and spend time recreating the security bug that the researcher reported. And sometimes (read: all the time) it may also require a lot of going back and forth with the...
Topics: Youtube, video, Science & Technology, owasp, appsec
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=KjjznjL84qc Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
by Coleen Coolidge, Christina Kubecka, Kayva Pearlman, Caroline Wong, and Magen Wu Coleen Coolidge Coleen Coolidge is Head of Security at Segment in San Francisco. Previously, she was at Twilio as Sr Director of Trust and Security. She's also served in security-leadership positions at more traditional, enterprise companies like First American Title and CoreLogic in Southern California. Coleen works on advancing the security culture past “just having the infrastructure-people do it” to...
Topics: Youtube, video, Science & Technology, owasp, appsec, Coleen Coolidge, Christina Kubecka, Kayva...
Live from AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Friday, September 19 • 4:30pm - 5:30pm - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=7EOlyq90k_4 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
When Bandit(s) Strike - Defend your Python Code Will Bengtson Travis McPeak Will Bengtson Nuna, Inc Senior Security Program Manager Website: https://linkedin.com/in/william-bengtson-cissp-26837953 William Bengtson is an information security professional with years of experience in a variety of roles including red teaming, network security, architecture risk analysis lead, software security, exploit development, security architect lead, application developer and certification lead. Bengtson comes...
Topics: Youtube, video, Science & Technology, owasp, appsec
Keynote - Cryptography in the age of Heartbleed The past decade has seen an unprecedented number of high-profile data breaches. To address this threat, businesses have begun to invest heavily in encryption technologies, both to protect data and to reduce liability in the event of a breach. However, the widespread deployment of encryption has placed a new burden on application developers, a burden that is made worse by the fact that many of our existing protocols and software libraries are...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
Automation and DevOps have changed the way organizations deliver products. The shift towards DevOps made it pretty clear that companies are adopting this organizational model in order to facilitate a practice of automated software deployment. While the traditional idea of a 'software release' dissolves into a continuous cycle of service and delivery improvements, organizations find that their traditional application security solutions have a hard time adapting to the new process and...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=U7GeLw_nAOc Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Threat modelling is one of the best techniques for achieving security on architectural level. However, introducing it on existing complex projects requires time which developers may not have. This talk introduces a technique for performing threat modelling in ongoing projects without a prohibitive initial time investment. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=WePVoeYrhpg Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
2013 WASPY Awards followed by OWASP Jeopardy with host Jerry Hoff https://www.owasp.org/index.php/WASPY_Awards_2013 - Recorded and live streamed by: https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=dvGsvbcTmRA Uploader: OWASP
Topics: Youtube, video, Science & Technology, Hangouts On Air, Appsecusa 2013, owasp, #hoa,...
AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Three key devops principles are the merging of skills in previously separate teams, extensive process automation and faster delivery through more frequent software deploys. These present some interesting challenges to application security such as: How to effectively communicate and manage security requirements in such a dynamic environment? How to perform rigorous security testing when software is deployed multiple times per day? How to...
Topics: Youtube, video, Science & Technology, Appseceu, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=ToE5THthpEU Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Keynote - Runa A. Sandvik: Building a Culture of Security at The New York Times The traditional approach for security teams has involved the existence of a siloed department, slow gatekeeping controls designed in a world of Waterfall development, and processes that aren't nearly as agile as they should be. The New York Times has staked its future on being a destination for readers; the way we gather and report news is changing, so is the way we develop products. We, the security team, need to...
Topics: Youtube, video, Science & Technology, owasp, appsec
The Road to Free Certificates is Paved with Good Intentions Jillian Karner Let's Encrypt/Internet Security Research Group Log Whisperer Jillian has worked at black screens with white typewriter text for start-ups in the security field since her early college years. Now graduated from Arizona State University, she is currently working with Let's Encrypt. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source:...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=7vgbjA5ZESU Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Friday, September 19 • 3:00pm - 3:45pm Ground Truths of a Rugged DevOps Practitioner DevOps isn't just a buzzword. It isn't a miracle cure. It isn't the security apocalypse. From the perspective of a practitioner who has been on a DevOps journey, we can explore the lessons learned - including surprises. This session will be a mixture of case study, lessons learned, future plans, and interactive discussion. Speaker Matt Tesauro...
Topics: Youtube, video, Science & Technology, owasp, appsec, Matt Tesauro
Authentication is a core piece of many applications, but it has traditionally been handled in a monolithic manner. Foreign keys to the user table and join tables for roles and permissions are the most common mechanism that applications use to manage user data. Moving to microservices means that applications now need to decouple authentication, user management, and user data. To accomplish this, a portable identity model is required. In this session, we will discuss the advantages of a...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP Global Webinar - OWASP HIVE Project - Welcome to the Grid 10/23/13 The OWASP HIVE project is an idea for a learning platform that uses small but capable PCs to do our bidding. https://www.owasp.org/index.php/OWASP_Hive_Project - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=B73BRfWl2s4 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
How To Approach InfoSec Like a Fed(eral Auditor) For more than a decade, independent arms of the federal government have published application and hardware security standards that only a minor subset of the InfoSec community has a true grasp on. The Federal Information Processing Standard (FIPS) 140-2 contains 11 comprehensive security requirement areas, and the National Information Assurance Directive (NIAP) has created Common Criteria Protection Profiles for Network Devices and Applications...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Ange Albertini Preserving Arcade Games You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=G0XDexkEY8c Uploader: OWASP
Topics: Youtube, video, Entertainment
Are you using Azure for deploying applications, storing data, hybrid networking, and many other services? And how secure is it? The author will offer a technical, hands-on overview of how security should be implemented at each step. The talk will go through overall security practices and will end with deploying a .Net application to Azure in a secure way. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=HJthzZO1D9A...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Frederik Braun Using A JavaScript CDN That Can Not XSS You - With Subresource Integrity You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=K8ws8qxBJqg Uploader: OWASP
Topics: Youtube, video, Entertainment
Monitoring Application Attack Surface to Integrate Security into DevOps Pipelines Dan Cornell Denim Group, Ltd. Chief Technology Officer and a Principal A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP Global Webinar - Ken Johnson - RailsGoat 2013/09/11 Railsgoat is a vulnerable version of the Ruby on Rails Framework and includes vulnerabilities from the OWASP Top 10, as well as some "extras" the initial project contributors felt worthwhile to share. This project is designed to educate both developers as well as security professionals. More information can be found at the "Unofficial" project site, listed below....
Topics: Youtube, video, Science & Technology, owasp, appsec
Abstract: Security as we have known it has completely changed. Through challenges from the outside and from within there is a wholesale conversion happening across the industry where DevOps and Security are joining forces. This talk is a hybrid of inspiration and pragmatism for dealing with the new landscape. by James Wickett of Signal Sciences Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=R1skq70DGsM...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, James Wickett
SAML is often the trust anchor for Single Sign-On (SSO) in most modern day organizations. This presentation will discuss a new vulnerability discovered which has affected multiple independent SAML implementations, and more generally, can affect any systems reliant on the security of XML signatures. The issues found through this research affected multiple libraries, which in turn may underpin many SSO systems. The root cause of this issue is due to the way various SAML implementations traverse...
Topics: Youtube, video, Science & Technology, owasp, appsec
Core Rule Set for the Masses Everyone who has used, or attempted to use, OWASP ModSecurity Web Application Firewall knows something about fine-tuning rules. ModSecurity Core Rule Set (CRS) was designed to catch more, show more and let you decide what to do with security alerts. It is a time consuming -- and often frustrating -- exercise to analyze alerts, separating the wheat from the chaff, and determine which are candidates for blocking. With thousands of servers at more than 100 locations,...
Topics: Youtube, video, Science & Technology, owasp, appsec
ZAP is an interception proxy. It allows you to observe all the requests made to the web application and all the responses received from it. Alonso Eduardo Caballero Quezada holds the EXIN Ethical Hacking Foundation Certificate, LPI Linux Essentials Certificate, Brainbench Certified Network Security (Master), Computer Forensics (U.S.) & Linux Administration (General), IT Masters Certificate of Achievement in Network Security Administrator, Hacking Countermeasures, Cisco CCNA...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec it also has many features specifically intended for advanced penetration testing. In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including: * Handling single page and other 'non standard' apps...
Topics: Youtube, video, Science & Technology, zap, owasp, appseceu
Most application risk managers agree that training software developers to understand security concepts can be an important part of any software security program. Couple that with the Payment Card Industry, who mandate that developers should have training in secure coding techniques as laid out in their Data Security Standard. Yet others call developer training "compliance-ware," a necessary evil and a tax on software development in the enterprise. This presentation shares the results...
Topics: Youtube, video, Science & Technology, owasp, appsec, AppSecCali‎2014
AppSec California 2015 - Day 1, Track 2, Slot 3 Title Leveling up an application security program Abstract In this talk, David will relay lessons learned from his first year working in the application security program at Riot Games. David will explain how he assessed the level of the program when he joined, and what gaps he identified. He will give an overview of how Riot approaches application security in a fast paced, agile environment. This will include how Riot implements controls which do...
Topics: Youtube, video, Science & Technology, owasp, webapps, infosec, appsec california 2015, webapp,...
OWASP
movies

eye 31

favorite 0

comment 0

WAFs FTW! A modern devops approach to security testing your WAF Although Web Application Firewalls (WAFs) are recognized as an effective aspect of a defense in depth strategy, there are few tools that attempt to objectively review their effectiveness. Research companies like NSS or Gartner perform benchmarks of WAFs, but their methodologies are rarely disclosed. With the advent of site reliability and devops cultures, infrastructure as code has been a strategy to verify functionality of...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP
movies

eye 42

favorite 0

comment 0

Application Security: Everything we know is wrong - Eoin Keary The premise behind this talk is to challenge both the technical controls we recommend to developers and also our actual approach to testing and developing secure software. This talk is sure to challenge the status quo of web security today. "Insanity is doing the same thing over and over and expecting different results." - Albert Einstein We continue to rely on a "pentest" to secure our applications. Why do we...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
OWASP
by OWASP
movies

eye 12

favorite 0

comment 0

Starting at 10:30 UTC Source: https://www.youtube.com/watch?v=iq3MbhO8X_8 Uploader: OWASP
Topics: Youtube, video, Entertainment, #hangoutsonair, Hangouts On Air, #hoa
OWASP
movies

eye 15

favorite 0

comment 0

Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 3:00pm - 3:45pm Not Go Quietly: Adaptive Strategies and Unlikely Teammates Don’t be a hero; assemble your team of avengers from unlikely allies. Nearly every aspect of our job as defenders has gotten more difficult and more complex—escalating threat, massive IT change, burdensome compliance reporting, all with stagnant security budgets and headcount. Rather than surrender, it’s time to fight back....
Topics: Youtube, video, Science & Technology, owasp, appsec, Joshua Corman, management
OWASP
movies

eye 72

favorite 0

comment 0

Hacking Web Server Apps for iOS - Bruno Oliveira Since the iPhone has been released, people have been trying to figure out different ways to turn it into a common data storage device. Many applications have been released in the iTunes Store in order to add this capability, some using USB transport (via iTunes), others Bluetooth. However, another way found by most of these software vendors is to share the disk space in the cellphone using not only using WiFi capabilities but also the data...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
OWASP
movies

eye 27

favorite 0

comment 0

From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=6ZiJvlMeb-E Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP
movies

eye 29

favorite 0

comment 0

X-as-a-Service products are integral in the U.S. tech industry with their ability to take the pain out of server configuration, maintenance, provisioning, data storage and other aspects of running a server. With the recent outing of PRISM, a clandestine national security electronic surveillance program, the next desirable IT feature is "not subject to American law." How can we leverage cloud-based software while maintaining privacy? This talk is a look at what exactly PRISM is, how...
Topics: Youtube, video, Science & Technology, owasp, appsec, AppSecCali 2014
OWASP
movies

eye 9

favorite 0

comment 0

M. Takebe is a contributor to ISO/IEC TR 24772:2010, "Information technology -- Programming languages -- Guidance to avoiding vulnerabilities in programming languages through language selection and use." http://grouper.ieee.org/groups/plv/ SLIDES: https://speakerdeck.com/owaspmontreal/explanation-on-tr24772-by-tatsuaki-takebe Source: https://www.youtube.com/watch?v=GuY0DJxyiiU Uploader: OWASP
Topics: Youtube, video, Entertainment, #hangoutsonair, Hangouts On Air, #hoa
OWASP
movies

eye 45

favorite 0

comment 0

For the last 20 years, assessment of the security of proposed systems has been a standard. Indeed, NIST-14 (1996) states, "Security requirements should be developed at the same time system planners define the requirements of the system." Yet threat modeling remains something of a "black art", understood solely by the inner cognoscenti, the "security architects". Indeed, at most companies, threat models are regarded as highly classified, need-to-know materials. This secretive...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP
movies

eye 23

favorite 0

comment 0

From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ David Vaartjes Agile Security Testing - Lessons Learned You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=M1Xb79U_xCw Uploader: OWASP
Topics: Youtube, video, Entertainment
OWASP
movies

eye 30

favorite 0

comment 0

Adaptive Testing Methodology: Crowdsourced Testing Methodology Customized to the Target Stack Testing methodology is a sore subject for most pentesters. Everyone has their own way to do things, and 3 people testing the same thing often end up with different results—especially when constrained for time. The ASTM project has two goals: 1) allow testers to consistently find the best vulnerabilities in the shortest amount of time, and 2) provide a framework for community improvement of the...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP
movies

eye 41

favorite 0

comment 0

Abstract: Android malware authors may enforce one or a combination of protection techniques like obfuscators, packers and protectors. This additional step just before publishing the app adds complexity for Android Bouncers and various static, and dynamic code analysis tools. Along with these protection techniques a combination of features such as emulation detection, anti debugging, root detection, tampering detection, anti runtime injection enables malicious application practically makes...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Swapnil Deshmukh
OWASP
by OWASP
movies

eye 18

favorite 0

comment 0

- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=9XBP04a8A18 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Abstract: Artificial Intelligence, or even just Machine Learning for those who prefer organic, is influencing nearly all aspects of modern digital life. Whether it be financial, health, education, energy, transit...emphasis on performance gains and cost reduction has driven the delegation of human tasks to non-human agents. Yet who in infosec today can prove agents worthy of trust? Unbridled technology advances, as we have repeatedly learned in history, bring very serious risks of accelerated...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Davi Ottenheimer
OWASP
movies

eye 23

favorite 0

comment 0

Black-Box Approximate Taint Tracking by Utilizing Data Partitioning The information security industry has a long history of challenges when it comes to ensuring the safety of user input data. User input must be escaped when using a template to build a string. Whether in HTML, SQL, or shell commands it is best practice to escape data from untrusted sources. Most of the time this is done by having the developer think through all possible code paths the string could have taken. This requires...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP
movies

eye 51

favorite 0

comment 0

From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Many, many conferences nowadays come with "HTML5 is insecure" or "Hacking with HTML5" talks. This has led to a general perception that HTML5 itself (whatever the term actually stands for) is insecure and, thus, should be avoided for security reasons. This is highly unfortunate, as the current generation of new Web APIs exposes a level of security sophistication that is unparalleled in the Web's history. In fact, new...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp, HTML5 (API)