Thank you Fazli.

On Thu, Jul 15, 2010 at 1:03 PM, Mohd Fazli Azran <[email protected]> wrote:

> Dear Members,
>
> Here is the list of slides that I compiled from OWASP AppSec Research
> 2010, Stockholm, Sweden. Please download it for your information. Please
> spread to the people about this. Thanks
>
> Welcome Remark:
> 1) John Wilander & OWASP Global Board Members - Welcome to OWASP AppSec Research 2010 Conference
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Opening_Talk_by_Wilander.pdf>
>
> Keynote:
> 1) Chris Evans, Information Security Engineer, and Ian Fette, Product Manager for Chrome Security, Google - Cross-Domain Theft and the Future of Browser Security
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Keynote_1_by_Evans_and_Fette.pdf>
> 2) Steve Lipner, Senior Director of Security Engineering Strategy, Microsoft Corporation - The Security Development Lifecycle - The Creation and Evolution of a Security Development Process
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Keynote_2_by_Lipner.pdf>
>
> Track:
> 1) Henrich Christopher Poehls, University of Passau - BitFlip: Determine a Data's Signature Coverage from Within the Application
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_BitFlip_by_Poehls.pdf>
> 2) Lieven Desmet and Philippe De Ryck, Katholieke Universiteit Leuven - CsFire: Browser-Enforced Mitigation Against CSRF
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_CsFire_by_Desmet_and_DeRyck.pdf>
>    <http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden#CsFire:_Browser-Enforced_Mitigation_Against_CSRF>
> 3) Chris Eng, Veracode - Deconstructing ColdFusion
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Deconstructing_ColdFusion_by_Eng.pdf>
> 4) M Decat, P De Ryck, L Desmet, F Piessens, W Joosen, Katholieke Universiteit Leuven - Towards Building Secure Web Mashups
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Secure_Mashups_by_DeRyck.pdf>
>    <http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden#Towards_Building_Secure_Web_Mashups>
> 5) Marco Balduzzi, Eurecom - New Insights into Clickjacking
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Clickjacking_by_Balduzzi.pdf>
>    <http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden#New_Insights_into_Clickjacking>
> 6) Ivan Ristic, Qualys - How to Render SSL Useless
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/Ivan_Ristic_-_Breaking_SSL_-_OWASP.pdf>
> 7) Gustav Rydstedt, Stanford Web Security Research - Busting Frame Busting
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Busting_Frame_Busting_by_Rydstedt.pdf>
> 8) Christian Hang and Lars Andren, Armorize Technologies - Web Frameworks and How They Kill Traditional Security Scanning
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Frameworks_Security_by_Hang.pdf>
> 9) Michael Boman, Omegapoint - The State of SSL in the World
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_State_of_SSL_by_Boman.pdf>
> 10) Sergio Maffeis, Imperial College, London - Object Capabilities and Isolation of Untrusted Web Applications
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Obj_Capabilities_by_Maffeis.pdf>
>    <http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden#.28New.29_Object_Capabilities_and_Isolation_of_Untrusted_Web_Applications>
> 11) Jasvir Nagra and Mike Samuel, Google - Beyond the Same-Origin Policy
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Beyond_SOP_by_Nagra_and_Samuel.pdf>
> 12) Komal Randive, Symantec - SmashFileFuzzer - a New File Fuzzer Tool
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Smash_File_Fuzzer_by_Randive.pdf>
> 13) Dan Bergh Johnsson, Omegapoint - Value Objects a la Domain-Driven Security: A Design Mindset to Avoid SQL Injection and Cross-Site Scripting
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_VOs_a_la_DDS_by_Johnsson.pdf>
> 14) Michael Schrank and Bastian Braun, University of Passau, Martin Johns, SAP Research - Session Fixation - the Forgotten Vulnerability?
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Session_Fixation_by_Schrank_Braun_Johns_and_Poehls.pdf>
> 15) Pravir Chandra, Fortify - The Anatomy of Real-World Software Security Programs
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_OpenSAMM_by_Chandra.pdf>
> 16) Juan José Conti, Universidad Tecnológica Nacional; Alejandro Russo, Chalmers Univ. of Technology - A Taint Mode for Python via a Library
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Taint_Mode_for_Python_by_Conti_and_Russo.pdf>
> 17) Nick Coblentz, OWASP Kansas City Chapter and AT&T Consulting - Microsoft's Security Development Lifecycle for Agile Development
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Microsoft_SDL_Agile_by_Coblentz.pdf>
> 18) Bradley Anstis and Vadim Pogulievsky, M86 Security - Detecting and Protecting Your Users from 100% of all Malware - How?
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Detecting_100%_Malware_by_Anstis_Pogulievsky.pdf>
> 19) Michael Craigue, Dell - Secure Application Development for the Enterprise: Practical, Real-World Tips
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Real-World_Tips_by_Craigue.pdf>
> 20) Cassio Goldschmidt, Symantec - Responsibility for the Harm and Risk of Software Security Flaws
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Responsibility_for_Sec_Flaws_by_Goldschmidt.pdf>
> 21) Thomas Jensen and David Pichardie, INRIA Rennes - Bretagne Atlantique - Secure the Clones: Static Enforcement of Policies for Secure Object Copying
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Secure_Cloning_by_Jensen.pdf>
> 22) Antti Vähä-Sipilä, Nokia - Product Security Management in Agile Product Management
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf>
> 23) Tom Brennan, WhiteHat Security and OWASP Foundation - Hacking by Numbers
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Hacking_by_Numbers_by_Brennan.pdf>
> 24) Jonas Magazinius, Phu H. Phung, and David Sands, Chalmers Univ. of Technology - Safe Wrappers and Sane Policies for Self Protecting JavaScript
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Safe_Wrappers_by_Magazinius.pdf>
> 25) Chris Eng, Veracode - Application Security Scoreboard in the Sky
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Appsec_Scoreboard_by_Eng.pdf>
> 26) Johan Lindfors and Dag König, Microsoft - Security Toolbox for .NET Development and Testing
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_NET_Toolbox_by_Lindfors_and_Konig.pdf>
> 27) Wendel G. Henrique and Steve Ocepek, Trustwave - Owning Oracle: Sessions and Credentials
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_Owning_Oracle_by_Henrique_and_Ocepek.pdf>
> 28) David Lindsay, Cigital; Eduardo Vela Nava, sla.ckers.org - Cross-Site Location Jacking (XSLJ)
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_Appsec_Research_2010_Redirects_XSLJ_by_Sirdarckcat_and_Thornmaker.pdf>
> 29) Dave Wichers, Aspect Security and OWASP Foundation - OWASP_Top_10_2010
>    <http://www.owasp.my/OWASP/AppSecResearch2010/Sweden/OWASP_AppSec_Research_2010_OWASP_Top_10_by_Wichers.pdf>
>
> Regards,
> Mohd Fazli Azran
> OWASP Malaysia Chapter Leader
> [image: OWASP Malaysia] <http://www.owasp.org/Malaysia>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>

--
Danny 013 802 1911

