| Time | MANAGEMENT (HP Enterprise Security Room) | DEVELOPER (LASCON 1) | RED TEAM (LASCON 2) | ARCHITECTURE (Gemalto Room) | AUDIT (Symantec Room) | LOCKPICK VILLAGE (Expo Hall) |
| --- | --- | --- | --- | --- | --- | --- |
| 9:00-9:50 | KEYNOTE PRESENTATION (Matt Tesauro) | -- | -- | -- | -- | Hands-On Lockpicking |
| 10:00-10:50 | Building Effective Risk Management and Cyber Security Programs (Ron Ross) | Ghosts of XSS Past, Present, and Future (Jim Manico and Peter Perfetti) | What are Hackers Hacking? (Noa Bar-Yosef) | Protecting Data, Applications, and Services using Secure Portable Devices (Asad Ali and Karen Lu) | PCI, CWE/SANS Top 25 and OWASP Top 10 - Bringing It All Together (Keith Turpin) | Hands-On Lockpicking |
| 11:00-11:50 | Infosec In The New World Order: Rugged DevOps and More ... (Gene Kim) | This Is Not The JavaScript You're Looking For... (Daniel Herrera) | The Techie Side of Social Engineering (David Hughes) | Threat (John Steven) | Web and Mobile Software Security Assurance - Do You Speak RISK? (John Sapp) | Hands-On Lockpicking |
| 12:00-12:50 | RELAXED LUNCH | Reversing Web Applications (Andrew Wilson) | Hacking (and Defending) iPhone Applications (Kevin Stadmeyer and Garrett Held) | -- | -- | Hands-On Lockpicking |
| 1:00-1:50 | You're Going to Need a Bigger Shovel - A Critical Look at Software Security Assurance (Rafal Los) | Beautiful Payment Systems with OAuth (Tom Brown) | A New Technique for Data Exfiltration and Confidentiality (Josh Sokol and Orlando Barrera II) | The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching (Dan Cornell) | You're Bleeding Sensitive Data - Find it Before They Do (Steve Werby) | Hands-On Lockpicking |
| 2:00-2:50 | A Statistical Journey through the Web Application Security Landscape (Jeremiah Grossman) | A History of SDL (Michael Howard) | There is no 'I' in Red Team: A Solution for Red Team Collaboration (Raphael Mudge) | Top 10 Mobile Application Risks (Chris Eng) | How To Pass PCI (Or Any Other IT Audit) With Badly Busted Systems (Shane Macdougall) | Hands-On Lockpicking |
| 3:00-3:50 | Measuring Software Assurance (Joe Jarzombek) | Developer Cheat Sheets Series - How to influence a developer to write secure code in 10 minutes (Jim Manico and Sherif Koussa) | The Most (UN) common Red Team Tools Every Tester Should Have (Ryan Jones and Charles Henderson) | Coding Secure Infrastructure in the Cloud using the PIE framework (James Wickett and Peco Karayanev) | OpenSAMM in the Real World: Pitfalls Discovered and Treasure Collected Along the Way (Philip Beyer and Scott Stevens) | Hands-On Lockpicking |
| 4:00-4:50 | SPEED DEBATES | How to Build a Secure Login Page (Ben Broussard) | Automated vs. Manual Security: You can't scan for The Stupid (David Byrne and Charles Henderson) | -- | -- | Hands-On Lockpicking |
| 5:00-8:00 | LASCON HAPPY HOUR (Sponsored by Trustwave) | | | | | |