1. Thursday October 24, 2013 4:00pm - 4:45pm

    WhiteHat Security Ballroom (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Happy Hour

    The legendary Speed Debates at LASCON! Get your twitters ready to quote our panelists in this edition of the LASCON Speed Debates. Hilarious, fun and the start to our roaring happy hour!

    # vimeo.com/80795423
  2. Thursday October 24, 2013 3:00pm - 3:45pm

    WhiteHat Security Ballroom (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Developer Track

    While working to secure Rails applications in a truly Agile development environment, it became clear that the Rails and Ruby ecosystem needed attention from the security community in the form of free and open training, and the events that have transpired this year have only reinforced that belief. RailsGoat is an attempt to bring attention to the problems that most frequently occur in Rails, solutions for remediation, and common attack scenarios. To accomplish this, we've built a vulnerable Rails application that aligns with the OWASP Top 10 and can be used as a training tool for Rails-based development shops.

    RailsGoat is an OWASP project; additional details can be found at the following link:

    railsgoat.cktricky.com/

    # vimeo.com/80795422
  3. Thursday October 24, 2013 2:00pm - 2:45pm

    HackersForCharity.org Room (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Attack Track

    Tired of the government being the only entity around that can keep tabs on a whole city at once? Frustrated by dictators du jour knowing more about you than you know about them? Fed up with agents provocateur slipping into your protests, rallies, or golf outings? Suffer no more, because CreepyDOL is here to help! With open-source software, off-the-shelf sensors, several layers of encryption, and a deployment methodology of "pull pin, point toward privacy insurance claimant," it allows anyone to track everyone in a neighborhood, suburb, or city from the comfort of their sofa. You, too, can move up from small-time weirding out to the big leagues of total information awareness: deploy CreepyDOL today! This talk will also cover what's changed since July in the CreepyDOL project, the open source release, and a sense of numinous dread.

    # vimeo.com/80794014
  4. Friday October 25, 2013 1:00pm - 1:45pm

    HackersForCharity.org Room (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Mobile Track

    The Android Open Source Project provides software stacks for mobile devices operating on the Android platform. The API provided by this project helps enforce restrictions on specific functions and processes which are allowed to operate under the standard Android permission mechanism. Because of the fine-grained permissions of the model, combined with the lack of permission maps, it is not clear which functions require which permissions to operate. Additionally, due to the constant development in the AOSP and API, required permissions change frequently, creating headaches for application security testers, app developers and security-minded Android users.

    During this talk, Andrew Reiter, security researcher, Veracode, will introduce the various methodologies used for building an Android permission map, and discuss the inherent deficiencies in each. The audience will learn why it is important to create a single group responsible for generating a permission map, and why Reiter believes this group should be Google. The discussion will also cover why permission mapping is an important part of securing this ever-growing environment.

    # vimeo.com/80811981
  5. Friday October 25, 2013 3:00pm - 3:45pm

    Gemalto Room (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Attack Track

    Imagine having your software associated with virus reports or whitelists when people Google it, or getting angry calls from customers who say it infected their computer, or worse, having it deleted by anti-malware products. This is unfortunately today’s reality.

    Malware is designed to hide and evade detection, and malware authors commonly disguise their software as real applications in their efforts to conceal their activities. In this talk, the attendee will learn how and why malware targets certain applications, and how it takes advantage of software issues to conceal itself. You will walk away from this talk with actionable information that you can put in place in your development process today to avoid becoming tomorrow’s next target.

    The presentation walks the audience through the following key areas:
    • Revealing common exploitation techniques of malware authors
    • The challenges with today’s forensic investigation techniques
    • Creating a secure build environment
    • The realities of code signing
    • Positively identifying your software and third-party validation

    # vimeo.com/80820986

LASCON 2013

OWASP PRO

Videos from the presentations at LASCON (Lonestar Application Security Conference), an OWASP regional conference, in Austin, TX in October of 2013.
