(coming soon!)
May 2017 (coming soon!) AppSec EU 2017 The Flaws in Hordes, the Security in Crowds
April 2017 (coming soon!) SOURCE Boston 2017 Crowdsourced Security: Uneasy Alliances
November 2016 ISACA Silicon Valley 2016 Fall Conference Evolving a Bug Bounty Program
October 2016 SOURCE Seattle 2016 Evolving a Bug Bounty Program
(preview on Brakeing Security podcast)
October 2015 SOURCE Seattle 2015 Battling Geologic Time
July 2014 RSA APJ 2014 CDS-W07 – Building and Breaking Privacy Barriers
February 2014 RSA USA 2014 DSP-R04A – Is your browser a User Agent, or a Double Agent?
October 2013 Hack in the Box Kuala Lumpur CSRF Lab & Session Origin Security
September 2013 Hacker Halted USA Using HTML5 to Make JavaScript (Mostly) Harmless
July 2013 BlackHat USA Dissecting CSRF Attacks & Countermeasures
(co-speaker with @tukharian)
May 2013 RVAsec 2013 JavaScript Security & HTML5
(video available)
February 2013 RSA USA 2013 ASEC-F41 – Using HTML5 WebSockets Securely
February 2013 B-Sides San Francisco 2013 JavaScript Security and HTML5
(video available)
December 2012 BayThreat 2012 WebSockets Unplugged
(co-speaker with @sshekyan and @tukharian. video available)
October 2012 RSA Europe 2012 ASEC-303 – Cases of JavaScript Misuse and How to Avoid Them
August 2012 BlackHat USA 2012 Hacking With WebSockets
(co-speaker with @sshekyan and @tukharian)
May 2012 ITWeb Security Summit HTML5 Unbound: A Security & Privacy Drama
Check out the supplemental article, then parts II, III, and IV.
May 2012 OWASP/ISSA Bletchley Park Graveyards & Zombies: How HTML5 Improves Security. Mostly.
October 2011 RSA Europe 2011 ASEC-201 – HTML5 Security Pitfalls
February 2010 RSA USA 2010 SPO1-203 – Does Web 2.0 Need Security 2.0?
January 2006 IT Underground, Berlin 2006 Automating SQL Injection Exploits

(Conference was canceled, but slides were finished.)


March 2017 (coming soon!) A Promethean Struggle slides | video (behind regwall) | notes
February 2017 Out of the AppSec Abyss slides | video (behind regwall) | notes