(coming soon!)
June 2017 (coming soon!) RVASec 2017 Managing Crowdsourced Security Testing
May 2017 (coming soon!) AppSec EU 2017 The Flaws in Hordes, the Security in Crowds
April 2017 (coming soon!) SOURCE Boston 2017 Crowdsourced Security — The Good, the Bad, and the Ugly
November 2016 ISACA Silicon Valley 2016
Fall Conference
Evolving a Bug Bounty Program
October 2016 SOURCE Seattle 2016 Evolving a Bug Bounty Program

(preview on Brakeing Security podcast)

October 2015 SOURCE Seattle 2015 Battling Geologic Time
July 2014 RSA APJ 2014 CDS-W07 – Building and Breaking Privacy Barriers
February 2014 RSA USA 2014 DSP-R04A – Is your browser a User Agent, or a Double Agent?
October 2013 Hack in the Box Kuala Lumpur CSRF Lab & Session Origin Security
September 2013 Hacker Halted USA Using HTML5 to Make JavaScript (Mostly) Harmless
July 2013 BlackHat USA Dissecting CSRF Attacks & Countermeasures

(co-speaker with @tukharian)

May 2013 RVAsec 2013 JavaScript Security & HTML5

(video available)

February 2013 RSA USA 2013 ASEC-F41 – Using HTML5 WebSockets Securely
February 2013 B-Sides San Francisco 2013 JavaScript Security and HTML5

(video available)

December 2012 BayThreat 2012 WebSockets Unplugged

(co-speaker with @sshekyan and @tukharian. video available)

October 2012 RSA Europe 2012 ASEC-303 – Cases of JavaScript Misuse and How to Avoid Them
August 2012 BlackHat USA 2012 Hacking With WebSockets

(co-speaker with @sshekyan and @tukharian)

May 2012 ITWeb Security Summit HTML5 Unbound: A Security & Privacy Drama

(Check out the supplemental article, then parts II, III, and IV.)

May 2012 OWASP/ISSA Bletchley Park Graveyards & Zombies: How HTML5 Improves Security. Mostly.
October 2011 RSA Europe 2011 ASEC-201 – HTML5 Security Pitfalls
February 2010 RSA USA 2010 SPO1-203 – Does Web 2.0 Need Security 2.0?
January 2006 IT Underground, Berlin 2006 Automating SQL Injection Exploits

(Conference was canceled, but slides were finished.)


March 2017 A Promethean Struggle —
PCI’s Lessons for Passwords
slides | video (behind regwall) | notes
February 2017 Out of the AppSec Abyss —
What’s making modern appsec effective?
slides | video (behind regwall) | notes