Schedule – Thursday

The Open Source Security Showcase is taking place in parallel.

Thursday, August 22, 2013 Friday, August 23, 2013
Start – End “Freiraum” “Großer Saal”
“Aussichtsreich” HackPra Track
09:00 09:15 Welcome Note and a manual to this conference (Dirk Wetter, Chair) in “Großer Saal”
09:15 10:00 Keynote in “Großer Saal” Angela Sasse: Busting The Myth of Dancing Pigs: Angela’s Top 10 list of reasons why users bypass security measures
10:00 10:30 OWASP Global Board: OWASP Introduction
11:00 Coffee Break Keynote Jörg Schwenk: Cryptography in Web Security: Stupid, Broken, and maybe Working? 10:45-11:00  
11:00 11:45 Henning Perl, Sascha Fahl, Michael Brenner and Matthew Smith [R] A Qualitative Comparison of SSL Validation Alternatives Amir Alsbih: Experience made in Technical Due Diligence Michele Orru’: Rooting your internals: Inter-Protocol Exploitation, custom shellcode and BeEF
11:50 12:35 Thomas Herlea, Nelis Boucké, Johan Peeters: Recipes for enabling HTTPS Tobias Gondrom: OWASP – CISO Guide and CISO report 2013 for managers Paul Stone: Precision Timing – Attacking browser privacy with SVG and CSS
12:35 13:50 Lunch Break
13:50 14:35 Tal Be’Ery: A perfect CRIME? Only time will tell Chris Eng, Ryan O’Boyle: From the Trenches: Real-World Agile SDLC Nicolas Grégoire: Burp Pro: Real-life tips and tricks
14:40 15:25 Sascha Fahl, Marian Harbach and Matthew Smith: MalloDroid, Hunting Down Broken SSL in Android Apps Jim Manico: OWASP Top 10 Proactive Controls Roberto Suggi Liverani: Augmented Reality in your Web Proxy
15:25 15:55 Coffee Break
15:55 16:40 Marco Balduzzi, Vincenzo Ciangaglini and Robert McArdle: [R] HTTP(S)-Based Clustering for Assisted Cybercrime Investigations Taras Ivashchenko: Content Security Policy – the panacea for XSS or placebo? Gareth Heyes: XSS Horror Show
Erlend Oftedal: RESTful security
16:45 17:30 Philippe De Ryck, Lieven Desmet, Frank Piessens and Wouter Joosen [R] Improving the Security of Session Management in Web Applications Florian Stahl and Johannes Stroeher: Security Testing Guidelines for mobile Apps Eduardo Vela: Matryoshka
17:35 18:20 Bastian Braun, Christian V. Pollak and Joachim Posegga: A Doorman for Your Home – Control-Flow Integrity Means in Web Frameworks Sreenarayan Ashokkumar: Cracking and Analysis of the Mobile Application Source Code
Ben Stock: Eradicating DNS Rebinding with the Extended Same-Origin Policy
Mario Heiderich: The innerHTML Apocalypse – How mXSS attacks change everything we believed to know so far
19:00 00:30 Conference Dinner at Can San Diego

Details and Abstracts at