Confirmed Speakers


Jon Boyd

Adventures in Reviewing Mountains of Code

Jon Boyd is a Sr. Security Engineer at Security Innovation, where he conducts penetration testing and security assessments on hardened targets. When not looking for vulnerabilities in code, Jon enjoys picking locks and hiking in the Cascades.


Beau Woods

The Cavalry Is Us: Protecting the public good

Beau Woods is Founder/CEO of Stratigos Security, with over a decade in the IT and Information Security industries. Beau is an active participant in the security community and has contributed to several publications and articles, participating in OWASP and HIMSS mobile security groups. Beau has been ...(continued)


Dan Kuykendall

7 Deadly Sins: Unlock the Gates of Mobile Hacking Heaven

Dan is a founder of NT OBJECTives and has been with the company for more than 10 years. He is responsible for the strategic direction and development of products and services and works closely with technology partners to make sure integrations are both deep and valuable. As a result of Dan’s dedicat...(continued)


Robert Rowley

Detecting and Defending Against State-Actor Surveillance.

Robert has been an active member of the Southern California hacking scene for over 10 years, co-founding Irvine Underground and recently presenting on many topics including Juice Jacking, Web Application Security and more… I am presenting on a personal passion this time: Privacy.


Greg Disney-Leugers

Mantra OS: Because the World is Cruel

Gregory Disney-Leugers is a security engineer at Hytrust. He attended the United States Air Force Institute of Technology and Defense Acquisition University. He is the developer of OWASP Mantra OS and The Onion Server.


Valerie Thomas

Confessions of a Social Engineer: Why Developers Are My Favorite Target

Valerie Thomas (hacktress09) is a Senior Information Security Consultant for Securicon LLC that specializes in social engineering and physical penetration testing. After obtaining her bachelor's degree in Electronic Engineering, Valerie led information security assessments for the Defense Informatio...(continued)


Marko Gargenta

Android Security Underpinnings

Marko is, as of recently, the director of Twitter University. Prior to Twitter, Marko co-founded and is the developer of Marakana Android Training series. He has taught Android to 1,000+ developers at companies such as Cisco, Intel, Motorola, Qualcomm, HTC, Sharp, US Department of Defense...(continued)


Jack Mannino, Jason Haddix

OWASP Top 10 Mobile Risks: 2014 Reboot

Jason Haddix: Jason is also the Director of Penetration Testing at Fortify Software. Jason performs (and trains internal candidates for) mobile penetration testing, black box web application auditing, network/infrastructural security assessments, cursory mainframe security analysis, cloud architectu...(continued)


Nick Galbreath

libinjection: from SQLi to XSS

Nick Galbreath is Vice President of Engineering at IPONWEB, a world leader in the development of online advertising exchanges. Prior to IPONWEB, his role was Director of Engineering at Etsy, overseeing groups handling security, fraud, authentication and other enterprise features. Prior to...(continued)


Ari Elias-Bachrach

CSRF: not all defenses are created equal

Ari has been in infosec for about 10 years. A former penetration tester, he has since migrated over to the defensive side, and spends most of his time working with developers trying to address application security concerns, and trying to bridge the gap between development and security. He can be fou...(continued)


Lynn Root

PRISM-AS-A-SERVICE: Not Subject to American Law

Software engineer for Spotify, founder of the San Francisco Chapter of PyLadies, board member of the Python Software Foundation. VM breaker, insomniac, coffee addict.


Jordan M. Bonagura

CSO's myopia

Jordan M. Bonagura is a computer scientist, postgraduate in Business Strategic Management, Innovation and Teaching (teaching methodology and research). He works as a teacher and course coordinator. He also works as an information security consultant with emphasis on new breaches and their exploration for...(continued)


Ryan Huber

Running At 99%: Surviving An Application DoS

Ryan is an engineer at Risk I/O, a security Software-as-a-Service company. Prior to Risk I/O he spent the majority of his career at, where his varied roles included: management of the flight search farm, leader of EU information security at sister site, and finally architect ...(continued)


Zane Lackey

Attack-Driven defense

Zane Lackey is the Director of Security Engineering at Etsy and a member of the Advisory Council to the US State Department-backed Open Technology Fund. Prior to Etsy, Zane was a Senior Security Consultant at iSEC Partners. He has been featured in notable media outlets such as the BBC, Associated...(continued)


D0n Quix0te

Anatomy of a WebShell

D0n Quix0te is the author and creator of OMENS: A Windows Web Server intrusion detection and monitoring system. He has more than 25 years of experience in architecting, installing, maintaining, and defending high value targets. And he has been involved in the response and analysis of a number of maj...(continued)


Ami Luttwak

An inconvenient Zeus: The rise of Saas targeted malware

Ami Luttwak is the co-founder and CTO of Adallom, a complete cloud security solution provider for SaaS applications. Prior to that, he was a senior software architect at Phonaris, where he designed the architecture and led the development of the Phonaris agents for the iPhone and Android platforms. ...(continued)


Robert Wood

Next Generation Red Teaming

Robert Wood is a Senior Security Consultant at Cigital and leads the development and execution of the red team assessment practice for the firm. Robert has worked with a number of clients spanning from Fortune 100 financial institutions to gaming companies providing security services at every stage ...(continued)


CSP Peeps

What is CSP and why haven't you applied it yet?

Ian Melven - New Relic; Joel Weinberger - Google - Google engineer on Chrome Security, working on CSP and other security features, and former UC Berkeley grad student and security researcher; Caleb Queern - Cyveillance; Kenneth Lee - Etsy; Scott Behrens - Netflix - Scott Behrens is a senior application...(continued)


Gene Kim

Why Infosec Needs Rugged DevOps Now: A Fifteen Year Study Of High Performing IT Organizations

Gene Kim is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire for 13 years. He has written three books, including “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win” and “The Visible Ops Handbook.” Gene is a huge fan of IT operations...(continued)


Maty Siman

Warning Ahead: Security Storms are Brewing in Your JavaScript

Maty is the CTO and founder of Checkmarx. Maty has more than a decade of experience in software development, IT security and source-code analysis. An authoritative figure in application security, Maty is regularly interviewed by the media on security-breaking news and frequently speaks at various IT...(continued)


Ken Johnson, Mike McCabe

New Frameworks, Old Problems

Mike: Mike McCabe is a senior application security consultant at nVisium Security. In his free time he likes to build and hack on open source projects. He's a big fan of Burp and set -o vi in his bash profile. Mike also serves as a board member for the OWASP NoVa chapter. Ken: Ken ...(continued)


Jim Manico

Web Application Secure Defensive Coding Boot Camp

Jim is a global board member for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects.


Jeremiah Grossman, Matt Johansen

Million Browser Botnet

Jeremiah Grossman founded WhiteHat Security in August 2001 and currently serves as Chief Technology Officer, where he is responsible for Web security R&D and industry outreach. Over the last decade, Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has be...(continued)


Robert Hansen

Robert Hansen (CISSP) is the Director of Product Management at WhiteHat Security. He's the former Chief Executive of SecTheory and Falling Rock Networks which focused on building a hardened OS. Mr. Hansen began his career in banner click fraud detection at ValueClick. Mr. Hansen has worked for Ca...(continued)


Rahul Kashyap

Application Sandboxes: Know thy limits

Rahul Kashyap is Chief Security Architect, Head of Security Research at Bromium. Before joining Bromium, he led the worldwide Threat Research teams at McAfee Labs, a wholly owned subsidiary of Intel. Rahul has created and worked on several security technologies that are deployed in highly sensitive ...(continued)


Joe Basirico

HTML 5 Security

Joe is responsible for managing the professional services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to direct the security consulting team in the delivery of high-quality, impactful risk assessment and remediat...(continued)


Vaagn Toukharian, Tigran Gevorgyan

HTTP Time Bandit

Bio of Vaagn Toukharian: Principal Engineer for Qualys's Web Application Scanner. Involved with the security industry since 1999. Experience includes work on Certification Authority systems, encryption devices, large CAD systems, Web scanners. Outside of work, interests include Photography, an...(continued)


John Dickson

Can AppSec Training Really Make a Smarter Developer?

John Dickson is a Principal at Denim Group, Ltd. and a CISSP who helps CSOs manage secure software initiatives. He is a Distinguished Fellow of ISSA and one of the civilian advisers to the Air Force Space Command, which organizes, trains and equips cyberspace forces to conduct network defense, attac...(continued)


Jeff Williams

AppSec at DevOps Speed and Portfolio Scale

Jeff is a founder and CEO of Contrast Security, an application security technology vendor. Jeff has over 25 years of security consulting experience and is frequently invited to speak at conferences like JavaOne, BlackHat, AppSecUSA, and others. Jeff served as the Global Chair of the OWASP Foundatio...(continued)


John Weinschenk

Securing the Software Supply Chain

John Weinschenk is a technology executive who has led several companies to unprecedented success. John's career is marked by an unusually broad background in both engineering and business. John has led technical groups in key security and enterprise software firms, and has brought his in-depth under...(continued)


David Schwartzberg

DIY Command & Control For Fun And *No* Profit

David Schwartzberg is a Senior Security Engineer at Barracuda Networks, specializing in malware, web threats, endpoint and data protection, mobile security, cloud and network security. David has presented at GrrCON, THOTCON, DerbyCon, BSides and several other conferences. David is currently blogging...(continued)


Ben Walther

Whiz, Bang, ZAP! An introduction to OWASP's Zed Attack Proxy

Ben Walther is a security engineer, with a background consulting and teaching for Symantec, Cigital, and within higher education. He is the co-author of the Web Security Testing Cookbook and an active contributor to OWASP projects.