HackPra Allstars

The organization team of the OWASP Research 2013 conference is glad to announce that this year’s conference will include something unique: The HackPra Allstars Event!

What is HackPra Allstars?

HackPra Allstars is delivering in one full day what the legendary HackPra does in one semester! HackPra Allstars will present the finest, hand selected talks from prolific speakers and top-tier researchers in the field of web-security (and the lack thereof).

You can think of the HackPra Allstars as a conference inside a conference — offering you one day with the most interesting influencers in today’s web application security and in-security.

The HackPra Allstars is a dedicated invited speakers track at the OWASP Research 2013 conference on August 22. The track will be open to all regular attendees of the main conference.


The HackPra Allstars line-up consist of the following gentlemen:

HackPra Allstars Keynote by Prof. Dr. Jörg Schwenk, NDS, RUB

Why you should listen to them

    • Michele Orrù from Sardinia, co-maintainer of the BeEF project, will demonstrate how web-attacks can cross protocol and network boundaries and get access to the most precious data behind them Intranet fences. Prepare for scare.
    • Paul Stone’s talk shows novel ways of extracting data across origin-borders using timing attacks – with SVG and other technologies. One might want to deploy additional HTTP headers after watching this outstanding presentation.
    • Nicolas Grégoire, electronic-sheep-herder from the beautiful South of France will show how to get the most out of Burp Pro during pen-tests. A must see for serious offensive security folks who like to do more than just clicking buttons.
    • Roberto Suggi Liverani will rise from the shadows and present the perfect follow-up to Nicolas’ talk: he will present new techniques to find dangerous bugs in web applications that usually go unnoticed by even the most professional testers.
    • Gareth Heyes, ex-security mercenary from the Scottish Highlands, will present an array of so far unpublished XSS attack techniques. We hired bodyguards to protect him during and after the presentation.
    • Eduardo Vela Nava, living web-security legend, will give a preview on how web attacks will look like after we fixed all the problems we are faced with now. Perfect follow-up after Gareth’s “XSS Horror Show”.
    • Mario Heiderich, heart-breaker, bon vivant and co-organizer of this track will cover them mXSS attacks – HTML injections that break each and every HTML filter and show how hard it is to really effectively protect against XSS exploits if browsers are buggy.

More info

To obtain more information about HackPra Allstars please contact mario@cure53.de or marcus@cure53.de.

HackPra Allstars wouldn’t have been possible without Mario Heiderich arranging
all this, the original home of the HackPra — the Ruhr-University Bochum — and the
generous help of the track sponsors: UbiCrypt, Deutsche Post AG and Cure53.