• Most recent
• Conferences
• For organizers
• The rig
• Buy me a Mate
• Search
• Fundraiser
• Bluesky

• 2017

OWASP AppSec.EU 2017

• 

  ►

  Conference Opening Address
  - Gary Robinson
• 

  ►

  The Gift Of Feedback
  - Shannon Lietz
• 

  ►

  Boosting The Security Of Your Angular 2 Application
  - Philippe De Ryck
• 

  ►

  Making Vulnerability Management Suck Less With The New OWASP Project, DefectDojo
  - Greg Anderson
• 

  ►

  What Is A DevSecOps Engineer?
  - Helen Beal
• 

  ►

  Embedding GDPR Into The SDLC
  - Sebastien Deleersnyder and Siebe De Roovere
• 

  ►

  Security And The Self-Contained Unit Of Software
  - Gareth Rushgrove
• 

  ►

  Don't Trust The DOM: Bypassing XSS Mitigations Via Script Gadgets
  - Sebastian Lekies
• 

  ►

  Don't Get Caught Em-bed: Fighting And Preventing Vulnerabilities At Its Lowest Level
  - Aaron Guzman
• 

  ►

  I Am Not A Robot: Job Security In A DevSecOps World
  - Correy Voo
• 

  ►

  Threat Modeling with PASTA: Risk Centric Application Threat Modeling Case Studies
  - Tony UcedaVélez
• 

  ►

  Bot Or Not? Mitigating Automated Threats To Web Applications
  - Bastian Braun
• 

  ►

  Improving The Security Of Software Defined Infrastructures
  - Theodoor Scholte
• 

  ►

  The Key Under The Doormat: Design Flaws And Vulnerabilities In Android Password Manager Applications
  - Steven Arzt and Stephan Huber
• 

  ►

  So We Broke All CSPs... You Won't Guess What Happened Next
  - Michele Spagnuolo
• 

  ►

  The Flaws In Hordes, The Security In Crowds
  - Mike Shema
• 

  ►

  Creating A Buzz Tales Of Building Wordpress Honeypots At Scale
  - Claire Burn
• 

  ►

  An SDLC For The DevSecOps Era
  - Zane Lackey
• 

  ►

  OWASP Juice Shop: Achieving Sustainability For Open Source Projects
  - Björn Kimminich
• 
  Become A 'Capture The Flag' Star: Part 1
  - Nanne Baars and Jason White
• 

  ►

  Requirements Gathering For Succesful DevSecOps Pipeline
  - Aaron Volkman and Hasan Yasar
• 

  ►

  The Dark Side Of Search Engines Optimizations Campaigns
  - Or Katz
• 

  ►

  Is Softare Eating Security? How Disruption Has Hit Security And How To Survive The "Tidal Forces"
  - Dave Anderson
• 

  ►

  Integrating Security In Agile Projects
  - Elena Kravchenko and Efrat Wasserman
• 

  ►

  Printer Security
  - Jens Müller and Vladislav Mladenov
• 
  Become A 'Capture The Flag' Star: Part 2
  - Nanne Baars and Jason White
• 

  ►

  The Evil Friend In Your Browser
  - Achim D. Brucker and Michael Herzberg
• 

  ►

  CSP Pitfalls And Gotchas
  - Ilya Nesterov
• 

  ►

  2017: Rise Of The Machines
  - Kev D'Arcy,Nicholas Raite and Rohini Sulatycki
• 

  ►

  Long Term Study On SSL/TLS Certificates
  - Enrico Branca
• 

  ►

  Secure DevOps Journey: A How-To Guide
  - Peter Chestna
• 

  ►

  Introducing The OWASP ModSecurity Core Rule Set 3.0
  - Christian Folini
• 

  ►

  Knowing Is Only Half The Battle
  - Gregory Shapiro
• 
  DevSecOps Review: Take Aways From Todays Sessions
  -
• 

  ►

  Looking Back To Look Ahead
  - Brian Honan
• 

  ►

  What The Kidnapping And Ransom Economy Teaches Us About Ransomware
  - Jeremiah Grossman
• 

  ►

  Pentesting Voice Biometrics Solutions
  - Jakub Kaluzny
• 

  ►

  How To Lead Better Security Through Our Mini Hardening Project
  - Kazuki Tsubo
• 

  ►

  The DevSecOps Playbook From A Practitioner's Perspective
  - Shannon Lietz
• 

  ►

  Incremental Threat Modeling
  - Irene Michlin
• 

  ►

  DevSecOps: A Rose By Any Other Name Would Smell Sweeter
  - Nigel Kersten
• 

  ►

  How To Steal Mobile Wallet? Mobile Contactless Payment Apps Attack And Defense
  - Wojtek Dworakowski and Slawomir Jasek
• 

  ►

  Security Best Practices In Azure Cloud
  - Viktorija Almazova
• 

  ►

  Pushing Left Like A Boss: Application Security Foundations
  - Tanya Janca
• 

  ►

  How To Put The Sec In DevOps
  - Helen Bravo
• 

  ►

  AngularJS + CSP: A Perfect Match Or Unhappy Marriage
  - David Johansson
• 

  ►

  Security In The Land Of Microservices
  - Jack Mannino
• 

  ►

  Exploiting CORS Misconfigurations For Bitcoins And Bounties
  - James Kettle
• 

  ►

  Fixing Mobile AppSec: The OWASP Mobile Project
  - Bernhard Mueller and Sven Schleier
• 

  ►

  Could A Few Lines Of Code F!#ck It All Up!
  - Erez Yalon
• 

  ►

  Increasing Web Apps Security With The Power Of Headers
  - Jose Manuel Ortega
• 

  ►

  Don't Learn, Don't See, Don't Run: Application Security For DevSecOps
  - Joseph Feiman
• 

  ►

  Analysis And Detection Of Authentication Cross-Site Request Forgery
  - Luca Compagna and Avinash Sudhodanan
• 

  ►

  The Path Of Secure Software
  - Katy Anton
• 

  ►

  Securing The Continuous Integration Process
  - Irene Michlin
• 

  ►

  An Introduction To Quantum-Safe Cryptography
  - Gavin McWilliams
• 

  ►

  How To Ensure That No One Wants To Work With You...
  - Siren Hofvander
• 

  ►

  Monitoring Attack Surface And Integrating Security Into DevOps Pipelines
  - Dan Cornell
• 

  ►

  Preventing 10 Common Security Mistakes In The MEAN Stack
  - David Bohannon
• 

  ►

  DNS Hijacking Using Cloud Providers: No Verification Needed
  - Frans Rosén
• 
  AppSec Panel: Diversity
  -
• 

  ►

  The Next Generation In Biometrics - ECG
  - Adrian Condon
• 

  ►

  DevSec: Continuous Patch And Security Assessment With Inspec
  - Christoph Hartmann
• 

  ►

  On The (In-)Security Of JavaScript Object Signing And Encryption
  - D. Detering,C. Mainka and V. Mladenov
• 

  ►

  Combining The Security Risks Of Native And Web Development Hybrid Apps
  - Achim D. Brucker and Michael Herzberg
• 

  ►

  Creating An AppSec Pipeline With Containers In A Week: How We Failed And Succeeded
  - Jeroen Willemsen
• 

  ►

  Dangerous Optimizations And The Loss Of Causality
  - Robert C. Seacord
• 

  ►

  DevSecOps Roundup: An Overview Of The Current State Of DevSecOps
  -
• 

  ►

  Everything Is Quantum!
  - Jaya Baloo
• 

  ►

  Conference Closing Address
  - Gary Robinson