Loading…
AppSec USA 2016 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Activity [clear filter]
Thursday, October 13
 

9:30am

OWASP Bug Bounty for projects
In June 2016, we started the OWASP Bug Bounty for projects initiative, where security researchers can actually submit their findings on the participant OWASP projects through the BugCrowd platform. 

Many developers and companies looking to implement security are turning towards OWASP to use Defender libraries that they can implement to secure their critical applications. Since this implies a form of trust in OWASP, many users of these projects might forget or not be aware that many of them are Open Source and lack an expected security assurance review, which at the moment is not done by OWASP.

Testing web applications for security can be a challenging task. But testing that security control libraries are robust in the face of attack is an even more difficult challenge for even the most sophistical assessment professionals. 

BugCrowd provides their platform and services to allow OWASP projects conduct specific Bug Bounty programs for Defender category projects but also, any other Code Project that needs to be installed and could create vulnerabilities in the installed computer.

The following projects are part of OWASP Bug Bounty:

We want to promote and spread the word regarding our Bug Bounty program. The activity we want to plan during the APPSEC US 2016, involves an OWASP Bug Bash similar to the one organised in APPSEC  2013 but only with OWASP projects part of the Bounty program, where we provide a deployed server with the applications.

Thursday October 13, 2016 9:30am - 11:30am
Meeting Room 2

3:00pm

Securing the Electronic Frontier

From light bulbs to drones, sophisticated technology is integrated into nearly every aspect of our lives. Today, nearly everyone is technologically curious if not active in a maker or hackerspace. The world is, essentially, a security researcher’s dream.  The ease with which devices can now be altered also makes some companies uncomfortable or eager to profit off of user generated content.  Mediating these competing needs is the law, written largely for generations-old technology by political bodies not conversant in the nuances of bleeding edge tech.

Enter DRM, which can be used to prevent your devices from completing legal tasks or punish researchers who seek to secure them. OWASP is proud to offer you a chance to speak with the EFF’s Cory Doctorow about their current lawsuit and the intersection of security research and DRM. The second half of the one hour session will be opened up to a Q&A by the audience.  

Speakers
avatar for Cory Doctorow

Cory Doctorow

Writer, Boing Boing
Cory Doctorow (craphound.com) is a science fiction novelist, blogger and technology activist. He is the co-editor of the popular weblog Boing Boing (boingboing.net), and a contributor to many magazines, websites and newspapers. He is a special consultant to the Electronic Frontier... Read More →


Thursday October 13, 2016 3:00pm - 4:00pm
Meeting Room 2