This year again, we received a large number of submissions (actually over 120 submissions). After many reviews and discussions between members of the program committee, we are able to announce this year’s talks (abstracts, speakers’ bios and other information to come):

  • Abusing JSONP with Rosetta Flash, Michele Spagnuolo
  • Agile Security Testing – Lessons learned, David Vaartjes and Cengiz Han Sahin
  • Application Security of the Belgium electronic voting system, Rob van der Veer
  • Bringing Security Testing to Development: How to Enable Developers to Act as Security Experts, Achim D. Brucker, Stephen Hookings and Dimitar Yanev
  • Can Saas ever be Secure?, Helen McLaughlin
  • Client-side protection against DOM-based XSS done right, Martin Johns, Sebastian Lekies and Ben Stock
  • E-banking transaction authorization – common vulnerabilities, security verification and best practices for implementation, Wojtek Dworakowski
  • Finding Bad Needles on a Worldwide Scale, Dmitry Savintsev
  • Hard knock lessons on bug bounties, Jonathan Cran
  • HTTPS is better than ever before. Now it’s your turn, Jim Manico
  • If 6.000 mobile malware applications could talk. Ow, they do, and a lot!, Matias Madou and Daan Raman
  • Making Security Agile as Development: Adding DevOps and TDD to your security program, Matt Tesauro
  • Maliciously monetizing AppSec “Feature” – It’s all about the $money, Or Katz and Ezra Caltum
  • Mobile Application Assessments By The Numbers: A Whole-istic View, Dan Cornell
  • Naxsi, a web application firewall for NGINX, Koechlin Thibault
  • OWASP CISO Survey Report 2015 – tactical insights for managers, Tobias Gondrom
  • OWASP Top 10 Privacy Risks, Florian Stahl and Stefan Burgmair
  • OWASP ZAP: More Advanced Features, Simon Bennetts
  • PDF – Mess with the Web, Alex Inführ
  • Security and “Modern” Software Deployment, Rory Mccune
  • Security and Insecurity of HTTP Headers, Dirk Wetter
  • Security DevOps – staying secure in agile projects, Christian Schneider
  • Security Touchpoints When Acquiring Software, Carsten Huth, Nadim Barsoum and Dawid Sroka
  • So, you want to use a WebView?, Andrew Lee-Thorp
  • The API Assessment Primer, Jason Haddix
  • The Joy Of Intelligent Proactive Security, Scott Behrens and Andy Hoernecke
  • The Node.js Highway: Attacks are at Full Throttle, Maty Siman and Helen Bravo
  • The Top 10 Web Hacks of 2014, Johnathan Kuskos and Matt Johansen
  • Using a JavaScript CDN that can not XSS you – with Subresource Integrity, Frederik Braun
  • WebRTC, or how secure is p2p browser communication?, Lieven Desmet and Martin Johns

Research track

  • Collective detection of potentially harmful requests directed at web
    sites, Marek Zachara
  • Personal Cloudlets: Implementing a User-Centric Datastore with Privacy
    Aware Access Control for Cloud-based Data Platforms, Donal McCarthy,
    Paul Malone, Johannes Hange, Kenny Doyle, Eric Robson, Dylan Conway,
    Stepan Ivanov, Lukasz Radziwonowicz, Robert Kleinfeld, Theodoros
    Michalareas, Timotheos Kastrinogiannis, Nikos Stasinos and Fenareti
  • Issues and Limitations of Third-party Security Seals, Tom Van Goethem

Thank you all for your submissions, and accepted or not, we hope to see you in May in Amsterdam!