Apr 28, 2015 | by OWASP | 54 views
AppSec California 2015 - Day 1, Track 2, Slot 5 Title Anatomy of memory scraping, credit card stealing POS malware Abstract Credit card payment processing and point-of-sale (POS) systems are like a black box for most people without knowledge of its internal workings. But recent data breaches of thousands of credit cards have shown that determined attackers have not only mastered ways to steal magnetic stripe cards, but also targeted EMV chip cards. The session will start by explaining the...
Topics: Youtube, video, Science & Technology, web application, webapps, appsec california 2015,...
Oct 1, 2015 | by OWASP | 16 views
Recorded at AppSecUSA 2015 in San Francisco (https://2015.appsecusa.org/). Cipher Text Says “MIID8zCCAtugAwIBAgIBAT” - Enterprise-wide SSL Automation w/Lemur + CloudCA. Contact - Kevin Glisson, Netflix, kglisson@netflix.com. Abstract: At Netflix Security we try our best to enable developers by removing roadblocks and providing systems with “sane” defaults that keep everyone from shooting themselves in the foot. When dealing with SSL, shooting yourself in the foot is particularly important;...
Topics: Youtube, video, Science & Technology, owasp, appsec, netflix, lemur, appsecusa
Sep 30, 2014 | by OWASP | 13 views
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 10:30am - 11:15am Use After Free Exploitation Use After Free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. This presentation will first define the Use After Free vulnerability class, and then dive deep into detecting the bug in a debugger and weaponizing it into a...
Topics: Youtube, video, Science & Technology, owasp, appsec, Stephen Sims
Jun 9, 2015 | by OWASP | 30 views
From AppSecEU 2015 in Amsterdam (https://2015.appsec.eu/). Luca De Fulgentis: Windows Phone App Security For Builders And Breakers. You can download all videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=m_hEBmNtUbg Uploader: OWASP
Topics: Youtube, video, Entertainment
Jun 9, 2015 | by OWASP | 23 views
From AppSecEU 2015 in Amsterdam (https://2015.appsec.eu/). Helen McLaughlin: Can SaaS Ever Be Secure? You can download all videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=8kYENtyGdGk Uploader: OWASP
Topics: Youtube, video, Entertainment
Mar 19, 2018 | by OWASP | 25 views
by Jonathan Marcil, Application Security Engineer at Twitch. Abstract: Threat Modeling is a great way to analyze security early in software development by structuring possible attacks, bad actors and countermeasures over a broad view of the targeted system. This talk will describe basic components of a threat model and how to use them effectively. Modeling concepts will be demonstrated using a cryptocurrency ecosystem as example. by Jonathan Marcil, Application Security Engineer of Twitch...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Jonathan Marcil
Mar 21, 2016 | by OWASP | 20 views
Jeremiah Grossman Founder WhiteHat Security Jeremiah Grossman is the founder of WhiteHat Security. Jeremiah possesses a unique combination of technology savvy, customer advocacy and personal passion for application security. A world-renowned web security expert, sought-after speaker and influential blogger, Jeremiah brings a literal lifetime of information security experience, both homegrown and from his days as Yahoo!’s information security engineer, to the role. The ultimate “WhiteHat,”...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jul 16, 2016 | by OWASP | 30 views
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=EPp5rCdXwm0 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 23, 2018 | by OWASP | 25 views
Even though modern mobile operating systems like iOS and Android offer great APIs for secure data storage and communication, those APIs have to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration. The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual for testing the security of mobile apps. It describes processes...
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 20, 2016 | by OWASP | 30 views
Recorded at AppSecUSA 2016 in Washington, DC https://2016.appsecusa.org/ Containerizing your Security Operations Center As security professionals, we have no shortage of tools available to us in our offensive and defensive pursuits. How we choose to deploy, maintain, and share these tools across teams can prove to be burdensome and overly complex. Security teams are becoming swept up in the DevOps movement and we are being encouraged to bring visibility into our workflows and toolsets. This...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
Oct 1, 2018 | by OWASP | 18 views
OWASP AppSec EU 2018 Hacker Track - Day 2, talk 4 Browsers are embedded everywhere, from popular applications like Steam and Spotify to headless crawlers, IoT devices and games consoles. They execute JavaScript but you don't have a dev console and some don't even allow you to interact with them. Many add custom JavaScript objects and functions but how can you discover all this hidden treasure without any dev tools? My talk introduces a new tool for your arsenal that allows you to inspect and...
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 27, 2013 | by OWASP | 55 views
Case Study: 10 Steps to Agile Development without Compromising Enterprise Security - Yair Rovek. In an Agile, fast-paced environment with frequent product releases, security code reviews and testing are usually considered a delaying factor that conflicts with success. Is it possible to keep up with the high-end demands of continuous integration and deployment without abandoning security best practices? We started our journey seeking a way to reduce friction, risk and cost driven from...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
Mar 27, 2018 | by OWASP | 19 views
Abstract: Building on the Bug Hunter's Methodology 1.0 given at Defcon 23, 2.0 brings the newest testing techniques, tools, and vulnerability data to penetration testers and security folk. Dive into new-school advents in discovery, XSS, server-side template injection, server-side request forgery, Code injection (SQLi, PHP, ++), XXE, robbing misconfigured infrastructure, CI, Code repositories, and more! Jason Haddix Bugcrowd Head of Trust and Security Jason is the Director of Technical...
Topics: Youtube, video, Science & Technology, owasp, appsec, apsec cali 2018, Jason Haddix
Jul 4, 2014 | by OWASP | 17 views
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Gaps in the enforcement of access control policy of a software system can lead to privilege escalation, allowing unauthorized access to sensitive resources and operations. We describe a novel technique to automatically detect missing and inconsistent authorization checks in web applications with static analysis and conclude with empirical results of using our approach on real-world applications. The concept of granting different users...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp
Jun 9, 2015 | by OWASP | 16 views
From AppSecEU 2015 in Amsterdam (https://2015.appsec.eu/). Aaron Weaver: Building An AppSec Pipeline: Keeping Your Program, And Your Life, Sane. You can download all videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=1CDSOSl4DQU Uploader: OWASP
Topics: Youtube, video, Entertainment
Mar 21, 2016 | by OWASP | 19 views
Many of the talks at security conferences these days involve the launch of a new security automation framework. Each of these tools has different goals and technologies that met its organization's needs. When it comes to your organization, how will you decide whether to build, buy, or borrow? Are there better criteria than just technology stack compatibility? What qualities make a good design for your environment? Where do you deploy? Which open-source tools work best? How do you ensure...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jul 16, 2016 | by OWASP | 51 views
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=eChViaOVAKo Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Jan 15, 2018 | by OWASP | 16 views
A Secure Product Lifecycle (SPLC) is integral in ensuring software is written with security in mind, but companies struggle to create a successful process with limited security resources and minimal impact to engineering teams. This session will discuss lessons learned, soup-to-nuts, through the process of designing, rolling out, and measuring a scalable SPLC. In Adobe’s Digital Marketing business unit, two security analysts created a successful program that has scaled to support thousands of...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jun 9, 2015 | by OWASP | 11 views
From AppSecEU 2015 in Amsterdam (https://2015.appsec.eu/). Maty Siman: The Node.js Highway: Attacks Are At Full Throttle. You can download all videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=DsJm404Nrvg Uploader: OWASP
Topics: Youtube, video, Entertainment
May 25, 2017 | by OWASP | 16 views
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=dPUpTXwtu98 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 21, 2018 | by OWASP | 39 views
As organizations scale, it can become increasingly difficult for a small security team to process the large volumes of alerts. In addition, the employee who triggered the alert frequently has the most context as to what transpired. At our organization, we use a Slack bot to engage employees after suspicious activity. Involving employees has the dual benefit of raising company-wide security awareness and lightening the load on our security team. Employees also give us valuable insight into why...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 26, 2017 | by OWASP | 22 views
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. 'Pushing left' refers to starting security earlier in the SDLC; addressing the problem throughout the process, and specifically during the development phase. From scanning your code with a vulnerability scanner to red team exercises, developer education programs and bug bounties, this talk will show...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 25, 2017 | by OWASP | 73 views
Developers need prescriptive guidance on preemptive design and coding techniques. This can be done blindly or in alignment with both application use cases and the context of abuse cases or threats. This talk will speak to case studies in risk-centric threat modeling using the PASTA (Process for Attack Simulation & Threat Analysis) methodology and provide 3 use cases of IoT, E-Commerce, and Mobile Applications. This talk will assume that a basic understanding of data flow diagramming, pen...
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 13, 2016 | by OWASP | 17 views
Recorded at AppSecUSA 2016 in Washington, DC https://2016.appsecusa.org/ The talk will generalize the recent spate of deserialization attacks, including a brief discussion of an originally authored exploit for a recently discovered CVE. The commonalities between deserialization attacks will then be discussed, laying the framework for a "how to" guide on finding and exploiting deserialization vulnerabilities. The talk will also explain the incredible difficulty faced when using...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
May 25, 2017 | by OWASP | 20 views
Configuration management tools such as Puppet or Chef have become increasingly popular as many organizations shifted towards a Software Defined Infrastructure (SDI). These tools allow system administrators to express the infrastructure in source code once and deploy it multiple times. While configuration management tools offer many advantages in terms of a single point of maintenance, (security) testing and the ability to perform security audits, they are also an attractive target for...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 21, 2017 | by OWASP | 17 views
Continuous security: Bringing agility to the secure development lifecycle. Rod Cope, Rogue Wave Software, CTO. Website: roguewave.com. Rod Cope, CTO, drives the technology vision for Rogue Wave Software. Rod was the founder and CTO of OpenLogic, a profitable venture-backed company, and has over 20 years of experience in software development spanning telecommunications, aerospace, healthcare, and manufacturing. Working at IBM, IBM Global Services, General Electric, and for the CTO of Anthem, Rod has led...
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 27, 2013 | by OWASP | 53 views
(Audio only) Wassup MOM? Owning the Message Oriented Middleware - Gursev Singh Kalra Message Oriented Middleware (MOM) allows disparate applications to communicate with each other by exchanging information in the form of messages. A MOM and its clients create an enterprise messaging application that forms the transactional backbone of several large organizations worldwide. Security is therefore an important aspect of these applications. This research analyzes enterprise messaging security from...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
Jul 16, 2016 | by OWASP | 24 views
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=0qu9oFaHuY0 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Oct 8, 2017 | by OWASP | 23 views
ReproNow: Save time Reproducing and Triaging Security bugs. Crowdsourcing security, aka Bug Bounty Programs, is adopted by almost all companies today: big, small, mid size. While companies reap a lot of benefits, the challenge is to have a security engineer (or engineers) reproduce each of the bugs, understand the replication method and spend time recreating the security bug that the researcher reported. And sometimes (read: all the time) it may also require a lot of going back and forth with the...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 26, 2017 | by OWASP | 13 views
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=KjjznjL84qc Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Mar 19, 2018 | by OWASP | 126 views
by Coleen Coolidge, Christina Kubecka, Kayva Pearlman, Caroline Wong, and Magen Wu Coleen Coolidge Coleen Coolidge is Head of Security at Segment in San Francisco. Previously, she was at Twilio as Sr Director of Trust and Security. She's also served in security-leadership positions at more traditional, enterprise companies like First American Title and CoreLogic in Southern California. Coleen works on advancing the security culture past “just having the infrastructure-people do it” to...
Topics: Youtube, video, Science & Technology, owasp, appsec, Coleen Coolidge, Christina Kubecka, Kayva...
Sep 19, 2014 | by OWASP | 9 views
Live from AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Friday, September 19 • 4:30pm - 5:30pm - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=7EOlyq90k_4 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
May 21, 2017 | by OWASP | 10 views
When Bandit(s) Strike - Defend your Python Code. Will Bengtson, Travis McPeak. Will Bengtson, Nuna, Inc, Senior Security Program Manager. Website: https://linkedin.com/in/william-bengtson-cissp-26837953. William Bengtson is an information security professional with years of experience in a variety of roles including red teaming, network security, architecture risk analysis lead, software security, exploit development, security architect lead, application developer and certification lead. Bengtson comes...
Topics: Youtube, video, Science & Technology, owasp, appsec
Aug 25, 2017 | by OWASP | 9 views
Keynote - Cryptography in the age of Heartbleed The past decade has seen an unprecedented number of high-profile data breaches. To address this threat, businesses have begun to invest heavily in encryption technologies, both to protect data and to reduce liability in the event of a breach. However, the widespread deployment of encryption has placed a new burden on application developers, a burden that is made worse by the fact that many of our existing protocols and software libraries are...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
May 26, 2017 | by OWASP | 15 views
Automation and DevOps have changed the way organizations deliver products. The shift towards DevOps made it pretty clear that companies are adopting this organizational model in order to facilitate a practice of automated software deployment. While the traditional idea of a 'software release' dissolves away into a continuous cycle of service and delivery improvements, organizations find that their traditional application security solutions are having a hard time adapting to the new process and...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jul 16, 2016 | by OWASP | 22 views
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=U7GeLw_nAOc Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
May 26, 2017 | by OWASP | 8 views
Threat modelling is one of the best techniques for achieving security at the architectural level. However, introducing it on existing complex projects requires time which developers may not have. This talk introduces a technique for performing threat modelling in ongoing projects without a prohibitive initial time investment. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=WePVoeYrhpg Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 20, 2013 | by OWASP | 19 views
2013 WASPY Awards followed by OWASP Jeopardy with host Jerry Hoff https://www.owasp.org/index.php/WASPY_Awards_2013 - Recorded and live streamed by: https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=dvGsvbcTmRA Uploader: OWASP
Topics: Youtube, video, Science & Technology, Hangouts On Air, Appsecusa 2013, owasp, #hoa,...
Jul 4, 2014 | by OWASP | 16 views
AppSecEU 2014 in Cambridge (https://2014.appsec.eu/). Three key DevOps principles are the merging of skills in previously separate teams, extensive process automation and faster delivery through more frequent software deploys. These present some interesting challenges to application security, such as: How to effectively communicate and manage security requirements in such a dynamic environment? How to perform rigorous security testing when software is deployed multiple times per day? How to...
Topics: Youtube, video, Science & Technology, Appseceu, owasp, appsec
Jul 16, 2016 | by OWASP | 43 views
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=ToE5THthpEU Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Dec 12, 2017 | by OWASP | 43 views
Keynote - Runa A. Sandvik: Building a Culture of Security at The New York Times. The traditional approach for security teams has involved the existence of a siloed department, slow gatekeeping controls designed in a world of Waterfall development, and processes that aren't nearly as agile as they should be. The New York Times has staked its future on being a destination for readers; the way we gather and report news is changing, and so is the way we develop products. We, the security team, need to...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 21, 2017 | by OWASP | 14 views
The Road to Free Certificates is Paved with Good Intentions. Jillian Karner, Let's Encrypt/Internet Security Research Group, Log Whisperer. Jillian has worked at black screens with white typewriter text for start-ups in the security field since her early college years. Now graduated from Arizona State University, she is currently working with Let's Encrypt. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source:...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jul 16, 2016 | by OWASP | 31 views
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=7vgbjA5ZESU Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Sep 29, 2014 | by OWASP | 14 views
Recorded at AppSecUSA 2014 in Denver (http://2014.appsecusa.org/). Friday, September 19 • 3:00pm - 3:45pm. Ground Truths of a Rugged DevOps Practitioner. DevOps isn't just a buzzword. It isn't a miracle cure. It isn't the security apocalypse. From the perspective of a practitioner who has been on a DevOps journey, we can explore the lessons learned - including surprises. This session will be a mixture of case study, lessons learned, future plans, and interactive discussion. Speaker: Matt Tesauro...
Topics: Youtube, video, Science & Technology, owasp, appsec, Matt Tesauro
Nov 26, 2018 | by OWASP | 20 views
Authentication is a core piece of many applications, but it has traditionally been handled in a monolithic manner. Foreign keys to the user table and join tables for roles and permissions are the most common mechanism that applications use to manage user data. Moving to microservices means that applications now need to decouple authentication, user management, and user data. To accomplish this, a portable identity model is required. In this session, we will discuss the advantages of a...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 11, 2014 | by OWASP | 8 views
OWASP Global Webinar - OWASP HIVE Project - Welcome to the Grid (10/23/13). The OWASP HIVE project is an idea for a learning platform built from small, capable PCs that do our bidding. https://www.owasp.org/index.php/OWASP_Hive_Project - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=B73BRfWl2s4 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Oct 12, 2017 | by OWASP | 36 views
How To Approach InfoSec Like a Fed(eral Auditor) For more than a decade, independent arms of the federal government have published application and hardware security standards that only a minor subset of the InfoSec community has a true grasp on. The Federal Information Processing Standard (FIPS) 140-2 contains 11 comprehensive security requirement areas, and the National Information Assurance Directive (NIAP) has created Common Criteria Protection Profiles for Network Devices and Applications...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jun 9, 2015 | by OWASP | 24 views
From AppSecEU 2015 in Amsterdam (https://2015.appsec.eu/). Ange Albertini: Preserving Arcade Games. You can download all videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=G0XDexkEY8c Uploader: OWASP
Topics: Youtube, video, Entertainment
May 26, 2017 | by OWASP | 17 views
Are you using Azure for deploying applications, storing data, hybrid networking, and many other services? And how secure is it? The author will offer a technical, hands-on overview of how security should be implemented at each step, walking through overall security practices and ending with a .NET application deployed to Azure in a secure way. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=HJthzZO1D9A...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jun 9, 2015 | by OWASP | 22 views
From AppSecEU 2015 in Amsterdam (https://2015.appsec.eu/). Frederik Braun: Using A JavaScript CDN That Can Not XSS You - With Subresource Integrity. You can download all videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=K8ws8qxBJqg Uploader: OWASP
Topics: Youtube, video, Entertainment
May 21, 2017 | by OWASP | 15 views
Monitoring Application Attack Surface to Integrate Security into DevOps Pipelines. Dan Cornell, Denim Group, Ltd., Chief Technology Officer and a Principal. A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 11, 2014 | by OWASP | 11 views
OWASP Global Webinar - Ken Johnson - RailsGoat (2013/09/11). RailsGoat is a vulnerable version of the Ruby on Rails Framework and includes vulnerabilities from the OWASP Top 10, as well as some "extras" the initial project contributors felt worthwhile to share. This project is designed to educate both developers as well as security professionals. More information can be found at the "Unofficial" project site, listed below....
Topics: Youtube, video, Science & Technology, owasp, appsec
Mar 19, 2018 | by OWASP | 25 views
Abstract: Security as we have known it has completely changed. Through challenges from the outside and from within there is a wholesale conversion happening across the industry where DevOps and Security are joining forces. This talk is a hybrid of inspiration and pragmatism for dealing with the new landscape. by James Wickett of Signal Sciences Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=R1skq70DGsM...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, James Wickett
Nov 21, 2018 | by OWASP | 20 views
SAML is often the trust anchor for Single Sign-On (SSO) in most modern day organizations. This presentation will discuss a new vulnerability discovered which has affected multiple independent SAML implementations, and more generally, can affect any systems reliant on the security of XML signatures. The issues found through this research affected multiple libraries, which in turn may underpin many SSO systems. The root cause of this issue is due to the way various SAML implementations traverse...
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 11, 2017 | by OWASP | 13 views
Core Rule Set for the Masses. Everyone who has used, or attempted to use, the OWASP ModSecurity Web Application Firewall knows something about fine-tuning rules. The ModSecurity Core Rule Set (CRS) was designed to catch more, show more and let you decide what to do with security alerts. It is a time-consuming, and often frustrating, exercise to analyze alerts, separating the wheat from the chaff, and determine which are candidates for blocking. With thousands of servers at more than 100 locations,...
Topics: Youtube, video, Science & Technology, owasp, appsec
May 23, 2016 | by OWASP | 47 views
ZAP is an intercepting proxy, which allows you to observe every request made to the web application and every response received from it. Alonso Eduardo Caballero Quezada holds the EXIN Ethical Hacking Foundation Certificate, LPI Linux Essentials Certificate, Brainbench Certified Network Security (Master), Computer Forensics (U.S.) & Linux Administration (General), IT Masters Certificate of Achievement in Network Security Administrator, Hacking Countermeasures, Cisco CCNA...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jul 2, 2014 | by OWASP | 22 views
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec it also has many features specifically intended for advanced penetration testing. In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including: * Handling single page and other 'non standard' apps...
Topics: Youtube, video, Science & Technology, zap, owasp, appseceu
Feb 3, 2014 | by OWASP | movies | 21 views | 0 favorites | 0 comments
Most application risk managers agree that training software developers to understand security concepts can be an important part of any software security program. Couple that with the Payment Card Industry, who mandate that developers should have training in secure coding techniques as laid out in their Data Security Standard. Yet others call developer training "compliance-ware," a necessary evil and a tax on software development in the enterprise. This presentation shares the results...
Topics: Youtube, video, Science & Technology, owasp, appsec, AppSecCali2014
Apr 28, 2015 | by OWASP | movies | 28 views | 0 favorites | 0 comments
AppSec California 2015 - Day 1, Track 2, Slot 3 Title Leveling up an application security program Abstract In this talk, David will relay lessons learned from his first year working in the application security program at Riot Games. David will explain how he assessed the level of the program when he joined, and what gaps he identified. He will give an overview of how Riot approaches application security in a fast paced, agile environment. This will include how Riot implements controls which do...
Topics: Youtube, video, Science & Technology, owasp, webapps, infosec, appsec california 2015, webapp,...
Oct 17, 2017 | by OWASP | movies | 31 views | 0 favorites | 0 comments
WAFs FTW! A modern devops approach to security testing your WAF Although Web Application Firewalls (WAFs) are recognized as an effective aspect of a defense in depth strategy, there are few tools that attempt to objectively review their effectiveness. Research companies like NSS or Gartner perform benchmarks of WAFs, but their methodologies are rarely disclosed. With the advent of site reliability and devops cultures, infrastructure as code has been a strategy to verify functionality of...
Topics: Youtube, video, Science & Technology, owasp, appsec
Nov 26, 2013 | by OWASP | movies | 42 views | 0 favorites | 0 comments
Application Security: Everything we know is wrong - Eoin Keary The premise behind this talk is to challenge both the technical controls we recommend to developers and also our actual approach to testing and developing secure software. This talk is sure to challenge the status quo of web security today. "Insanity is doing the same thing over and over and expecting different results." - Albert Einstein We continue to rely on a "pentest" to secure our applications. Why do we...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
Jun 26, 2014 | by OWASP | movies | 12 views | 0 favorites | 0 comments
Starting at 10:30 UTC Source: https://www.youtube.com/watch?v=iq3MbhO8X_8 Uploader: OWASP
Topics: Youtube, video, Entertainment, #hangoutsonair, Hangouts On Air, #hoa
Sep 22, 2014 | by OWASP | movies | 15 views | 0 favorites | 0 comments
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 3:00pm - 3:45pm Not Go Quietly: Adaptive Strategies and Unlikely Teammates Don’t be a hero; assemble your team of avengers from unlikely allies. Nearly every aspect of our job as defenders has gotten more difficult and more complex—escalating threat, massive IT change, burdensome compliance reporting, all with stagnant security budgets and headcount. Rather than surrender, it’s time to fight back....
Topics: Youtube, video, Science & Technology, owasp, appsec, Joshua Corman, management
Nov 26, 2013 | by OWASP | movies | 72 views | 0 favorites | 0 comments
Hacking Web Server Apps for iOS - Bruno Oliveira Since the iPhone was released, people have been trying to figure out different ways to turn it into a common data storage device. Many applications have been released in the iTunes Store in order to add this capability, some using USB transport (via iTunes), others Bluetooth. However, another way found by most of these software vendors is to share the disk space on the cellphone using not only WiFi capabilities but also the data...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa
Jul 16, 2016 | by OWASP | movies | 27 views | 0 favorites | 0 comments
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=6ZiJvlMeb-E Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Feb 14, 2014 | by OWASP | movies | 29 views | 0 favorites | 0 comments
X-as-a-Service products are integral in the U.S. tech industry with their ability to take the pain out of server configuration, maintenance, provisioning, data storage and other aspects of running a server. With the recent outing of PRISM, a clandestine national security electronic surveillance program, the next desirable IT feature is "not subject to American law." How can we leverage cloud-based software while maintaining privacy? This talk is a look at what exactly PRISM is, how...
Topics: Youtube, video, Science & Technology, owasp, appsec, AppSecCali2014
Jan 23, 2014 | by OWASP | movies | 9 views | 0 favorites | 0 comments
M. Takebe is a contributor to ISO/IEC TR 24772:2010, "Information technology -- Programming languages -- Guidance to avoiding vulnerabilities in programming languages through language selection and use." http://grouper.ieee.org/groups/plv/ SLIDES: https://speakerdeck.com/owaspmontreal/explanation-on-tr24772-by-tatsuaki-takebe Source: https://www.youtube.com/watch?v=GuY0DJxyiiU Uploader: OWASP
Topics: Youtube, video, Entertainment, #hangoutsonair, Hangouts On Air, #hoa
Mar 21, 2016 | by OWASP | movies | 45 views | 0 favorites | 0 comments
For the last 20 years, assessment of the security of proposed systems has been a standard. Indeed, NIST-14 (1996) states, "Security requirements should be developed at the same time system planners define the requirements of the system." Yet threat modeling remains something of a "black art", understood solely by the inner cognoscenti, the "security architects". Indeed, at most companies, threat models are regarded as highly classified, need-to-know materials. This secretive...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jun 9, 2015 | by OWASP | movies | 23 views | 0 favorites | 0 comments
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ David Vaartjes Agile Security Testing - Lessons Learned You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=M1Xb79U_xCw Uploader: OWASP
Topics: Youtube, video, Entertainment
Mar 21, 2016 | by OWASP | movies | 30 views | 0 favorites | 0 comments
Adaptive Testing Methodology: Crowdsourced Testing Methodology Customized to the Target Stack Testing methodology is a sore subject for most pentesters. Everyone has their own way to do things, and 3 people testing the same thing often end up with different results—especially when constrained for time. The ASTM project has two goals: 1) allow testers to consistently find the best vulnerabilities in the shortest amount of time, and 2) provide a framework for community improvement of the...
Topics: Youtube, video, Science & Technology, owasp, appsec
Mar 19, 2018 | by OWASP | movies | 41 views | 0 favorites | 0 comments
Abstract: Android malware authors may apply one or a combination of protection techniques such as obfuscators, packers and protectors. This additional step, taken just before publishing the app, adds complexity for Android Bouncers and various static and dynamic code analysis tools. Combined with these protection techniques, features such as emulation detection, anti-debugging, root detection, tampering detection and anti-runtime-injection practically make a malicious application...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Swapnil Deshmukh
May 21, 2017 | by OWASP | movies | 18 views | 0 favorites | 0 comments
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=9XBP04a8A18 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Mar 19, 2018 | by OWASP | movies | 23 views | 0 favorites | 0 comments
Abstract: Artificial Intelligence, or even just Machine Learning for those who prefer organic, is influencing nearly all aspects of modern digital life. Whether it be financial, health, education, energy, transit...emphasis on performance gains and cost reduction has driven the delegation of human tasks to non-human agents. Yet who in infosec today can prove agents worthy of trust? Unbridled technology advances, as we have repeatedly learned in history, bring very serious risks of accelerated...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Davi Ottenheimer
Oct 12, 2017 | by OWASP | movies | 23 views | 0 favorites | 0 comments
Black-Box Approximate Taint Tracking by Utilizing Data Partitioning The information security industry has a long history of challenges when it comes to ensuring the safety of user input data. User input must be escaped when using a template to build a string. Whether in HTML, SQL, or shell commands it is best practice to escape data from untrusted sources. Most of the time this is done by having the developer think through all possible code paths the string could have taken. This requires...
Topics: Youtube, video, Science & Technology, owasp, appsec
Jul 4, 2014 | by OWASP | movies | 51 views | 0 favorites | 0 comments
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Many, many conferences nowadays come with "HTML5 is insecure" or "Hacking with HTML5" talks. This has led to a general perception that HTML5 itself (whatever the term actually stands for) is insecure and, thus, should be avoided for security reasons. This is highly unfortunate, as the current generation of new Web APIs exposes a level of security sophistication that is unparalleled in the Web's history. In fact, new...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp, HTML5 (API)