OWASP - User contributions [en]

Front Range OWASP Conference 2013/Archive

2013-06-17T16:18:23Z

Jess Garrett:

====2013 presentations====

[https://vimeo.com/68058106 Keynote Address: Data Protection for the 21st Century] 
[https://vimeo.com/68058105 Panel Discussion] 
 
'''Technical Track''' 
DevFu: The inner ninja in every application developer
*[[Media:Chrastil.pptx | Slides]]
*[https://vimeo.com/68082818 Video]
Adventures in Large Scale HTTP Header Abuse 
*[[Media:Wolff.pptx | Slides]]
*[https://vimeo.com/68071431 Video]
Angry Cars: Hacking the "Car as Platform" 
*[[Media:Weaver.pdf | Slides]]
*[https://vimeo.com/68071432 Video]
DevOps and Security: It's Happening. Right Now. 
*[[Media:Bravo.pptx | Slides]]
*[https://vimeo.com/68335259 Video]
Real World Cloud Application Security 
*[[Media:Chan.pptx | Slides]]
*[https://vimeo.com/68082826 Video]
 
'''Deep-Dive Track''' 
SIP Based Cloud Instances 
*[[Media:Disney-Leugers.odp | Slides]]
*[https://vimeo.com/68091563 Video]
How Malware Attacks Web Applications 
*[[Media:Smith.pdf | Slides]]
*[https://vimeo.com/68107330 Video]
Top Ten Web Application Defenses 
*[[Media:Manico.pdf | Slides]]
*[https://vimeo.com/68091564 Video]
A Demo of and Preventing XSS in .NET Applications 
*[[Media:Conklin.pptx | Slides]]
*[https://vimeo.com/68069847 Video]
Data Mining a Mountain of Zero-Day Vulnerabilities 
*[[Media:Brady.pdf | Slides]]
*[https://vimeo.com/68107333 Video]
 
'''Management Track''' 
Digital Bounty Hunters - Decoding Bug Bounty Programs 
*[[Media:Rose.pdf | Slides]]
*[https://vimeo.com/68107340 Video]
Linking Security to Business Value in the Customer Service Industry 
*[[Media:Rojas.pdf | Slides]]
*[https://vimeo.com/68111318 Video]
Using SaaS and the Cloud to Secure the SDLC 
*[[Media:Earle.pptx | Slides]]
*[https://vimeo.com/68111315 Video]
Measuring Security Best Practices With Open SAMM 
*[[Media:Jex.ppt | Slides]]
*[https://vimeo.com/68082823 Video]
Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix) 
*[[Media:McCoy.pdf | Slides]]
*[https://vimeo.com/68071440 Video]
 
'''Legal Track''' 
Electronic Discovery for System Administrators 
*[[Media:Shumway.pptx | Slides]]
*[https://vimeo.com/68142345 Video]
Legal Issues of Forensics in the Cloud 
*[[Media:Willson.pdf | Slides]]
*[https://vimeo.com/68082821 Video]
CISPA: Why Privacy Advocates Hate This Legislation 
*[[Media:Feinroth.pptx | Slides]]
*[https://vimeo.com/68071433 Video]
Crafting a Plan for When Security Fails 
*[[Media:Lelewski.pdf | Slides]]
*[https://vimeo.com/68071439 Video]
Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem 
*[[Media:Glanville.pptx | Slides]]
*[https://vimeo.com/68082819 Video]
 
====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Schedule

2013-06-17T15:53:52Z

Jess Garrett:

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)'' [https://vimeo.com/68058106 Video]
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']] [[Media: Chrastil.pptx| Slides ]] [https://vimeo.com/68082818 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]'' [[Media: Disney-Leugers.odp| Slides ]] [https://vimeo.com/68091563 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]'' [[Media: Rose.pdf | Slides]] [https://vimeo.com/68107340 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]'' [[Media: Shumway.pptx| Slides ]] [https://vimeo.com/68142345 Video]
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]'' [[Media: Wolff.pptx| Slides ]] [https://vimeo.com/68071431 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]'' [[Media: Smith.pdf| Slides ]] [https://vimeo.com/68107330 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]'' [[Media: Rojas.pdf | Slides]] [https://vimeo.com/68111318 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]'' [[Media: Willson.pdf| Slides ]] [https://vimeo.com/68082821 Video]
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]'' [[Media: Weaver.pdf | Slides]] [https://vimeo.com/68071432 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]'' [[Media: Manico.pdf | Slides]] [https://vimeo.com/68091564 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]'' [[Media: Earle.pptx| Slides ]] [https://vimeo.com/68111315 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]'' [[Media: Feinroth.pptx| Slides ]] [https://vimeo.com/68071433 Video]
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]'' [[Media: Bravo.pptx| Slides ]] [https://vimeo.com/68335259 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]'' [[Media: Conklin.pptx| Slides ]] [https://vimeo.com/68069847 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]'' [[Media: Jex.ppt| Slides ]] [https://vimeo.com/68082823 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]'' [[Media: Lelewski.pdf| Slides ]] [https://vimeo.com/68071439 Video]
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]'' [[Media: Chan.pptx| Slides ]] [https://vimeo.com/68082826 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]'' [[Media: Brady.pdf| Slides ]] [https://vimeo.com/68107333 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]'' [[Media:McCoy.pdf| Slides ]] [https://vimeo.com/68071440 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]'' [[Media: Glanville.pptx| Slides ]] [https://vimeo.com/68082819 Video]
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Wilson|Dan Wilson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
[https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Schedule

2013-06-17T15:52:23Z

Jess Garrett:

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)'' [https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']] [[Media: Chrastil.pptx| Slides ]] [https://vimeo.com/68082818 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]'' [[Media: Disney-Leugers.odp| Slides ]] [https://vimeo.com/68091563 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]'' [[Media: Rose.pdf | Slides]] [https://vimeo.com/68107340 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]'' [[Media: Shumway.pptx| Slides ]] [https://vimeo.com/68142345 Video]
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]'' [[Media: Wolff.pptx| Slides ]] [https://vimeo.com/68071431 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]'' [[Media: Smith.pdf| Slides ]] [https://vimeo.com/68107330 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]'' [[Media: Rojas.pdf | Slides]] [https://vimeo.com/68111318 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]'' [[Media: Willson.pdf| Slides ]] [https://vimeo.com/68082821 Video]
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]'' [[Media: Weaver.pdf | Slides]] [https://vimeo.com/68071432 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]'' [[Media: Manico.pdf | Slides]] [https://vimeo.com/68091564 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]'' [[Media: Earle.pptx| Slides ]] [https://vimeo.com/68111315 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]'' [[Media: Feinroth.pptx| Slides ]] [https://vimeo.com/68071433 Video]
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]'' [[Media: Bravo.pptx| Slides ]] [https://vimeo.com/68335259 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]'' [[Media: Conklin.pptx| Slides ]] [https://vimeo.com/68069847 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]'' [[Media: Jex.ppt| Slides ]] [https://vimeo.com/68082823 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]'' [[Media: Lelewski.pdf| Slides ]] [https://vimeo.com/68071439 Video]
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]'' [[Media: Chan.pptx| Slides ]] [https://vimeo.com/68082826 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]'' [[Media: Brady.pdf| Slides ]] [https://vimeo.com/68107333 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]'' [[Media:McCoy.pdf| Slides ]] [https://vimeo.com/68071440 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]'' [[Media: Glanville.pptx| Slides ]] [https://vimeo.com/68082819 Video]
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Wilson|Dan Wilson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
[https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Presentations/DevOps

2013-06-17T15:51:04Z

Jess Garrett:

===DevOps and Security: It's Happening. Right Now.===

How do you integrate security within a Continuous Deployment (CD) environment - where every 5 minutes a feature, an enhancement, or a bug fix needs to be released? Traditional application security tools which require lengthy periods of configuration, tuning and application learning have become irrelevant in these fast-pace environments. Yet, falling back only on the secure coding practices of the developer cannot be tolerated.

Secure coding requires a new approach where security tools become part of the development environment – and eliminate any unnecessary code analysis overhead. By collaborating with development teams, understanding their needs and requirements, you can pave the way to a secure deployment in minutes. Steps include:

* Re-evaluate existing security tools and consider their integration within a CD environment
* Deliver a secured development framework and enforce its usage
* Pinpoint precise security code flaws and provide optimal fix recommendations

[[Media:Bravo.pptx | Slides]]
[https://vimeo.com/68335259 Video]

Front Range OWASP Conference 2013/Schedule

2013-06-11T17:54:28Z

Jess Garrett:

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)'' [https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']] [[Media: Chrastil.pptx| Slides ]] [https://vimeo.com/68082818 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]'' [[Media: Disney-Leugers.odp| Slides ]] [https://vimeo.com/68091563 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]'' [[Media: Rose.pdf | Slides]] [https://vimeo.com/68107340 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]'' [[Media: Shumway.pptx| Slides ]] [https://vimeo.com/68142345 Video]
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]'' [[Media: Wolff.pptx| Slides ]] [https://vimeo.com/68071431 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]'' [[Media: Smith.pdf| Slides ]] [https://vimeo.com/68107330 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]'' [[Media: Rojas.pdf | Slides]] [https://vimeo.com/68111318 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]'' [[Media: Willson.pdf| Slides ]] [https://vimeo.com/68082821 Video]
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]'' [[Media: Weaver.pdf | Slides]] [https://vimeo.com/68071432 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]'' [[Media: Manico.pdf | Slides]] [https://vimeo.com/68091564 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]'' [[Media: Earle.pptx| Slides ]] [https://vimeo.com/68111315 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]'' [[Media: Feinroth.pptx| Slides ]] [https://vimeo.com/68071433 Video]
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]'' [[Media: Bravo.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]'' [[Media: Conklin.pptx| Slides ]] [https://vimeo.com/68069847 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]'' [[Media: Jex.ppt| Slides ]] [https://vimeo.com/68082823 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]'' [[Media: Lelewski.pdf| Slides ]] [https://vimeo.com/68071439 Video]
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]'' [[Media: Chan.pptx| Slides ]] [https://vimeo.com/68082826 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]'' [[Media: Brady.pdf| Slides ]] [https://vimeo.com/68107333 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]'' [[Media:McCoy.pdf| Slides ]] [https://vimeo.com/68071440 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]'' [[Media: Glanville.pptx| Slides ]] [https://vimeo.com/68082819 Video]
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Wilson|Dan Wilson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
[https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Schedule

2013-06-11T17:54:03Z

Jess Garrett:

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)'' [https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']] [[Media: Chrastil.pptx| Slides ]] [https://vimeo.com/68082818 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]'' [[Media: Disney-Leugers.odp| Slides ]] [https://vimeo.com/68091563 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]'' [[Media: Rose.pdf | Slides]] [https://vimeo.com/68107340 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]'' [[Media: Shumway.pptx| Slides ]]<>[https://vimeo.com/68142345 Video]
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]'' [[Media: Wolff.pptx| Slides ]] [https://vimeo.com/68071431 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]'' [[Media: Smith.pdf| Slides ]] [https://vimeo.com/68107330 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]'' [[Media: Rojas.pdf | Slides]] [https://vimeo.com/68111318 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]'' [[Media: Willson.pdf| Slides ]] [https://vimeo.com/68082821 Video]
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]'' [[Media: Weaver.pdf | Slides]] [https://vimeo.com/68071432 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]'' [[Media: Manico.pdf | Slides]] [https://vimeo.com/68091564 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]'' [[Media: Earle.pptx| Slides ]] [https://vimeo.com/68111315 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]'' [[Media: Feinroth.pptx| Slides ]] [https://vimeo.com/68071433 Video]
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]'' [[Media: Bravo.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]'' [[Media: Conklin.pptx| Slides ]] [https://vimeo.com/68069847 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]'' [[Media: Jex.ppt| Slides ]] [https://vimeo.com/68082823 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]'' [[Media: Lelewski.pdf| Slides ]] [https://vimeo.com/68071439 Video]
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]'' [[Media: Chan.pptx| Slides ]] [https://vimeo.com/68082826 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]'' [[Media: Brady.pdf| Slides ]] [https://vimeo.com/68107333 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]'' [[Media:McCoy.pdf| Slides ]] [https://vimeo.com/68071440 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]'' [[Media: Glanville.pptx| Slides ]] [https://vimeo.com/68082819 Video]
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Wilson|Dan Wilson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
[https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Archive

2013-06-11T17:53:43Z

Jess Garrett:

====2013 presentations====

[https://vimeo.com/68058106 Keynote Address: Data Protection for the 21st Century] 
[https://vimeo.com/68058105 Panel Discussion] 
 
'''Technical Track''' 
DevFu: The inner ninja in every application developer
*[[Media:Chrastil.pptx | Slides]]
*[https://vimeo.com/68082818 Video]
Adventures in Large Scale HTTP Header Abuse 
*[[Media:Wolff.pptx | Slides]]
*[https://vimeo.com/68071431 Video]
Angry Cars: Hacking the "Car as Platform" 
*[[Media:Weaver.pdf | Slides]]
*[https://vimeo.com/68071432 Video]
DevOps and Security: It's Happening. Right Now. 
*[[Media:Bravo.pptx | Slides]]
Real World Cloud Application Security 
*[[Media:Chan.pptx | Slides]]
*[https://vimeo.com/68082826 Video]
 
'''Deep-Dive Track''' 
SIP Based Cloud Instances 
*[[Media:Disney-Leugers.odp | Slides]]
*[https://vimeo.com/68091563 Video]
How Malware Attacks Web Applications 
*[[Media:Smith.pdf | Slides]]
*[https://vimeo.com/68107330 Video]
Top Ten Web Application Defenses 
*[[Media:Manico.pdf | Slides]]
*[https://vimeo.com/68091564 Video]
A Demo of and Preventing XSS in .NET Applications 
*[[Media:Conklin.pptx | Slides]]
*[https://vimeo.com/68069847 Video]
Data Mining a Mountain of Zero-Day Vulnerabilities 
*[[Media:Brady.pdf | Slides]]
*[https://vimeo.com/68107333 Video]
 
'''Management Track''' 
Digital Bounty Hunters - Decoding Bug Bounty Programs 
*[[Media:Rose.pdf | Slides]]
*[https://vimeo.com/68107340 Video]
Linking Security to Business Value in the Customer Service Industry 
*[[Media:Rojas.pdf | Slides]]
*[https://vimeo.com/68111318 Video]
Using SaaS and the Cloud to Secure the SDLC 
*[[Media:Earle.pptx | Slides]]
*[https://vimeo.com/68111315 Video]
Measuring Security Best Practices With Open SAMM 
*[[Media:Jex.ppt | Slides]]
*[https://vimeo.com/68082823 Video]
Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix) 
*[[Media:McCoy.pdf | Slides]]
*[https://vimeo.com/68071440 Video]
 
'''Legal Track''' 
Electronic Discovery for System Administrators 
*[[Media:Shumway.pptx | Slides]]
*[https://vimeo.com/68142345 Video]
Legal Issues of Forensics in the Cloud 
*[[Media:Willson.pdf | Slides]]
*[https://vimeo.com/68082821 Video]
CISPA: Why Privacy Advocates Hate This Legislation 
*[[Media:Feinroth.pptx | Slides]]
*[https://vimeo.com/68071433 Video]
Crafting a Plan for When Security Fails 
*[[Media:Lelewski.pdf | Slides]]
*[https://vimeo.com/68071439 Video]
Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem 
*[[Media:Glanville.pptx | Slides]]
*[https://vimeo.com/68082819 Video]
 
====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Presentations/eDiscovery

2013-06-11T17:50:57Z

Jess Garrett:

===Electronic Discovery for System Administrators===

As the Federal Rules of Evidence have evolved over the last several years, and as the volume of information in digital format has overtaken traditional printed media, electronic discovery had become more important than traditional paper-based discovery in litigation. While vendors can help with production, system administrators play a key role in the acquisition and production of Electronically Stored Information (ESI).

This presentation is designed to present an overview of the discovery process, explain how it differs from traditional computer forensics, and offer tips for administrators and managers to better assist in the production of ESI in the event of litigation (and hopefully to reduce the costs associated with production).

[[Media:Shumway.pptx | Slides]]
[https://vimeo.com/68142345 Video]

Front Range OWASP Conference 2013/Presentations/ZeroDays

2013-06-11T17:50:26Z

Jess Garrett:

===Data Mining a Mountain of Zero Day Vulnerabilities===

Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. This presentation evaluates an anonymized vulnerability data set derived from static binary analysis on thousands of applications belonging to large enterprises, commercial software vendors, open source projects, and software outsourcers.

By mining this data we can answer some interesting questions. What types of mistakes do developers make most often? Are we making any progress at eradicating XSS and SQL injection? How long does it really take to remediate software vulnerabilities? How secure are third party software components?

The discussion will answer these questions and many others, giving you a deep dive into metrics not found anywhere else.

[[Media:Brady.pdf | Slides]]
[https://vimeo.com/68107333 Video]

Front Range OWASP Conference 2013/Presentations/XSSdotNET

2013-06-11T17:50:07Z

Jess Garrett:

===A Demo of and Preventing XSS in .NET Applications===

This presentation will cover a variety of approaches toward discovering XSS vulnerabilities in .NET applications, including:
* Microsoft's Web Protection Library/AntiXSS
* OWASP's AntiSamy.NET project
* CAT.Net

[[Media:Conklin.pptx | Slides]]
[https://vimeo.com/68069847 Video]

Front Range OWASP Conference 2013/Presentations/TopTen

2013-06-11T17:49:47Z

Jess Garrett:

===Top Ten Web Application Defenses===

We cannot 'firewall' or 'patch' our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day.

Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently.

This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.

[[Media:Manico.pdf | Slides]]
[https://vimeo.com/68091564 Video]

Front Range OWASP Conference 2013/Presentations/SaaS

2013-06-11T17:49:22Z

Jess Garrett:

===Using SaaS and the Cloud to Secure the SDLC===

This session will cover Software as a Service (SaaS) offerings and how they can be effectively utilized in web security development efforts. Over the last few years, cloud services (i.e. SaaS) have been increasingly used as both a starting point for application security efforts and as a full outsourcing of the appsec program. However, by the very nature of cloud outsourcing and delivery, it is difficult to evolve this approach into a mature secure development lifecycle. Developer involvement is a necessity, and the solution has been to bring vulnerability assessment technologies in house. But recently, organizations have started to deploy a mixture of on-premise and cloud appsec solutions as an alternative to the all or nothing paradigm of on-premise or SaaS.

Topics covered include:
* Overview of vulnerability assessment using SaaS
* Overview of on-premise vulnerability scanning in the SDLC
* Challenges of on-premise and SaaS implementations
* Private cloud variations of on-premise and SaaS offerings
* Hybrid on-premise/cloud implementations in the SDLC
* Use of automation and integration with development infrastructure to ease developer adoption of on-premise/cloud appsec implementations
* How organizations can use SaaS to get started with application security and mature into a robust software security assurance program featuring on-premise and cloud deployments.

[[Media:Earle.pptx | Slides]]
[https://vimeo.com/68111315 Video]

Front Range OWASP Conference 2013/Presentations/SIP

2013-06-11T17:48:57Z

Jess Garrett:

===SIP-Based Cloud Instances===

This presentation will demonstrate the practical applications of SIP protocol for local cloud instances and how to create secure connections the cloud using SIP forwarding. Further it will present methods of securing cloud and data by using a Linux firmware router to host local based cloud domains, as well as showing secure methods of deploying these systems. In addition, the talk will show secure methods of using PHP and databases using Sqlite and MongoDB while using distributing computing between a Linux server and a Linux based firmware network appliance.

Several practical applications presented will include:
* Using Cloud-based SIP as replacement for Samba for file sharing in a corporate environment with S3 and WebDAV
* Creating a local domain such https://cloud.router.sip.com
* Connecting to the cloud from a mobile phone using SIP forwarding with SSL tunneling
* Using SIP based domains on VPNs to create a private clouds with a single point of access

There will be a demonstration on how to properly setup a Linux server to host local based domains for secure deployment, including proper deployment of Cherokee and Apache web servers for hosting SIP domains. Finally, the presentation will demonstrate properly configuration of SIP domains to the Linux based firmware network appliance.

At the end of the presentation a viewer will know how to properly deploy Linux server for SIP domain hosting and how to create secure cloud instances with SIP.

[[Media:Disney-Leugers.odp | Slides]]
[https://vimeo.com/68091563 Video]

Front Range OWASP Conference 2013/Presentations/OpenSAMM

2013-06-11T17:47:40Z

Jess Garrett:

===Measuring Security Best Practices With OpenSAMM===

Security is becoming a competitive advantage in the marketplace. How do we ensure that security is built into products for our customers?

Security vulnerabilities can be introduced at any phase of the software development life cycle (SDLC). The [http://www.opensamm.org/ Open Software Assurance Maturity Model (OpenSAMM)] is lightweight, flexible framework that helps prevent vulnerabilities and improve security during software development.

This talk advocates adopting OpenSAMM to measure security best practices and improve our security processes, tools, and knowledge.

[[Media:Jex.ppt | Slides]]
[https://vimeo.com/68082823 Video]

Front Range OWASP Conference 2013/Presentations/Malware

2013-06-11T17:47:06Z

Jess Garrett:

===How Malware Attacks Web Applications===

Modern malware has outpaced the ability for traditional defenses to detect and contain the threats. The core of the presentation will address several techniques used by malware to attack web applications, including:

* WebInjects (aka Man-in-the-Browser) Files that contain JavaScript and HTML in order to alter the user experience in the application.
* Form-Grabbing The technique for capturing web form data within browsers.
* Session Hijacking The ability to redirect control of a session to an attacker.
* Persistence and Stealth How does the malware go undetected, for so long?
* Countermeasures How to detect malware interacting with your web applications.

[[Media:Smith.pdf | Slides]]
[https://vimeo.com/68107330 Video]

Front Range OWASP Conference 2013/Presentations/InfoEcosystem

2013-06-11T17:46:32Z

Jess Garrett:

===Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem===

Given an overview of Identity Theft, fraud and information exposure participants will discover that the liability of these issues is much broader than they are prepared to manage.

Given case studies and stories from field experience, participants will identify gaps in information compliance policies and practices that place every organization at risk beyond areas of commerce, compliance, and technology.

Upon completion of the session participants will recognize critical gaps in their information ecosystem that need to be addressed in order to create a defensible position in the case of a breach.

[[Media:Glanville.pptx | Slides]]
[https://vimeo.com/68082819 Video]

Front Range OWASP Conference 2013/Presentations/Headers

2013-06-11T17:46:06Z

Jess Garrett:

===Adventures in Large Scale HTTP Header Abuse===

While the technique of sending malicious data through HTTP Header fields is not new, there is a conspicuous lack of information on the topic.

This presentation explores research and testing results of random auditing of 1.6 million websites. The speaker will address the history of HTTP Header attacks, the logic that went into the creation of an HTTP Header Audit tool, and the most interestingly the findings of the test run.

How many vulnerable websites were discovered? What attacks were they most susceptible to? Which Header fields are most likely to be vulnerable?

Finally, the presentation will discuss defensive techniques around HTTP header abuse and how to efficiently audit a sites HTTP Header fields for vulnerabilities.

[[Media:Wolff.pptx | Slides]]
[https://vimeo.com/68071431 Video]

Front Range OWASP Conference 2013/Presentations/DevOps

2013-06-11T17:45:44Z

Jess Garrett:

Front Range OWASP Conference 2013/Presentations/DevFu

2013-06-11T17:43:54Z

Jess Garrett:

===DevFu: The inner ninja in every application developer===

Many times we try to draw a distinct line between developers and penetration testers. This creates a barrier that developers often feel intimidated to cross. The truth is that developers have an innate ability and perspective to become great penetration testers themselves.

Developers in the security industry carry a unique toolset as ethical hackers / security consultants that sets them apart from traditional penetration testers. By incorporating these skills as developers and combining them with the understanding and experience of building applications, developers can take web application penetration testing a step further than the rest.

This presentation will go over the various aspects to the developer DevFu toolbox including: deep programming knowledge, ability to write scripts on the fly, common shortcuts and their pitfalls, speaking the language, and secure coding practices. We will go over specific examples of scripts that increase productivity and extend functionality of existing pen testing programs.

[[Media:Chrastil.pptx | Slides]]
[https://vimeo.com/68082818 Video]

Front Range OWASP Conference 2013/Presentations/DesktopAppSec

2013-06-11T17:43:27Z

Jess Garrett:

===Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)===

This presentation is on the case study(s) of desktop applications undergoing a cracking/hacking/attacking life cycle. This is the summation of multiple software projects undergoing attacks from a detected and focused attacker. This presentation follows a Product Owner(s) and Coder(s) going from a self directed response.

Your software project has been going for years, your client base is growing, your making deadlines then one day some e-mail shows up and your world starts to crumble. Crack after Crack keeps coming out every version; Your new Upgrades/Code keep showing up in a competing product; Malware keeps hitting your clients. See the steps taken by day-to-day product Owner(s) and Coder(s) as they respond to security events that never crossed their minds as potential threats.

[[Media:McCoy.pdf | Slides]]
[https://vimeo.com/68071440 Video]

Front Range OWASP Conference 2013/Presentations/CustomerService

2013-06-11T17:43:10Z

Jess Garrett:

===Linking Security to Business Value in the Customer Service Industry===

The value of trust cannot be understated when discussing Superior Customer Service.

''"The main benefit of trust is customer loyalty, which in turn leads to a longer term relationship, greater share of wallet, and higher advocacy or word of mouth. Results from our consumer survey show that emotional and rational trust drive between 22% and 44% of customer loyalty."'' - Study by ESCP Europe Business School

Privacy protection is a pillar of trust. Studies show PRIVACY is of paramount importance to consumers and is growing in importance. A 2012 Ponemon Institute study on the “Most trusted companies on privacy” found that while the importance of privacy has grown over the last seven years, the loss of control over privacy has also grown as well.

The Call Center industry is at the confluence of these competing social and business priorities. On the one hand, the customer service representative (CSR) must engender competence and trustworthiness and on the other hand CSR must ask the caller for a credit card number or social security number, the most private and personal valuable pieces of information a consumer possesses.

Where there is a gap in expectations between consumers and businesses, there is an opportunity for business to differentiate themselves and fill the gap and win market share. This opportunity is being realized by emerging technology designed to satisfy Compliance standards as well as real consumer demand for privacy protections.

Call Centers as well as other types of businesses that can address consumers demand for privacy protections can improve their long term bottom line through TRUST and customer loyalty.

[[Media:Rojas.pdf | Slides]]
[https://vimeo.com/68111318 Video]

Front Range OWASP Conference 2013/Presentations/CloudSec

2013-06-11T17:42:38Z

Jess Garrett:

===Real World Cloud Application Security===

This presentation will provide the audience with a case study of how real world organizations using the public cloud are approaching application security. Netflix, one of the largest AWS and public cloud users in the world, will serve as the subject of the case study.

The discussion will cover a variety of topics of interest to application security personnel, including:

* Automating and integrating security into CI/CD environments
* Large scale vulnerability management
* Continuous security testing and monitoring, including Netflix's Security Monkey and Exploit Monkey frameworks
* Cultural integration of security in DevOps/agile organizations

[[Media:Chan.pptx | Slides]]
[https://vimeo.com/68082826 Video]

Front Range OWASP Conference 2013/Presentations/CloudForensics

2013-06-11T17:42:03Z

Jess Garrett:

===Legal Issues of Forensics in the Cloud===

Have you ever thought about how you would conduct a forensic investigation on your data if it was all in the Cloud; or, if your company suffers a data breach and all your data is in the Cloud how you would get the information you need to determine what happened and the extent of the damage? The Cloud presents many issues and new challenges. The best thing you can do is be prepared, but how?

This lecture will discuss the issues associated with attempting to deal with a data breach in the Cloud as well as conducting a forensic investigation in the Cloud. How do you prepare? What needs to be included in your contract or service level agreement? Finally, if you were not able to prepare, is all lost? What can you do, legally?

[[Media:Willson.pdf | Slides]]
[https://vimeo.com/68082821 Video]

Front Range OWASP Conference 2013/Presentations/CSIRP

2013-06-11T17:41:26Z

Jess Garrett:

===Crafting a Plan for When Security Fails===

A computer security incident, whether an exposed system with protected data or a hacked application, requires a planned response to quickly address and contain the threat. We exist in a world where having a plan is a necessity. Companies in various industries possess vast amounts of regulated and confidential data; this arrangement places a great amount of responsibility on the custodian. Unfortunately, in today's world, it is almost inevitable that you will be the target of an attack or mishandle data that may cause a potential exposure. Do you have a codified plan that helps guide your response?

CSIRPs are robust documents that are difficult to create. Developing a CSIRP that takes into account organizational culture and existing structure, creates buy-in from various departments, and is applicable in a wide array of emerging and existing threats while balancing substance and brevity may be a herculean task.

This presentation will provide the basis for the need for a CSIRP, discuss pitfalls and strategies when crafting CSIRPs, explore common ways they fail, and offer tips to create a healthy, viable, and useful process to use when confronting a computer security incident.

This presentation is geared towards those wishing to learn more about creating a viable computer security incident response plan (CSIRP).

[[Media:Lelewski.pdf | Slides]]
[https://vimeo.com/68071439 Video]

Front Range OWASP Conference 2013/Presentations/CISPA

2013-06-11T17:41:05Z

Jess Garrett:

===CISPA Why Privacy Advocates Hate This Legislation===

Reintroduced in the House of Representatives on February 13, 2013, the Cyber Intelligence Sharing and Protection Act (CISPA) is a proposed US law which would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S government investigate cyber threats and ensure the security of networks against cyberattack.

CISPA has been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation, the American Civil Liberties Union, and Avaaz.org. Those groups argue CISPA contains too few limits on how and when the government may monitor a private individual’s Internet browsing information. Additionally, they fear that such new powers could be used to spy on the general public rather than to pursue malicious hackers. CISPA has garnered favor from corporations and lobbying groups such as Microsoft, Facebook and the United States Chamber of Commerce, which look on it as a simple and effective means of sharing important cyber threat information with the government.

Some critics saw CISPA as a second attempt at strengthening digital piracy laws after the anti-piracy Stop Online Piracy Act became deeply unpopular. Intellectual property theft was initially listed in the bill as a possible cause for sharing Web traffic information with the government, though it was removed in subsequent drafts.

[[Media:Feinroth.pptx | Slides]]
[https://vimeo.com/68071433 Video]

Front Range OWASP Conference 2013/Presentations/BountyHunters

2013-06-11T17:40:22Z

Jess Garrett:

===Digital Bounty Hunters - Decoding Bug Bounty Programs===

Amid the growing trend to "crowd source" services, a few progressive enterprises are taking a new approach to information security. A potential game-changer, these companies are shifting the traditional model of IT risk assessment by opening their doors -- and their wallets -- to freelance hackers who break in without fear of legal repercussions. Bug Bounty Programs pay cash money to hackers for responsibly disclosing security vulnerabilities on production applications and networks.

This presentation will examine who these freelance digital bounty hunters are, their motivations, and their perspective on the value of bug bounty programs. It is equally as important to understand the perspective of the individuals that run these programs, how the programs fit into a comprehensive, information security framework, as well as key successes and failures to date of this new crowd-sourced model. As part of this, the discussion will review metrics from an existing program and highlight some of the more interesting bugs discovered.

Ultimately, what is the future for these bug bounty programs? Will they disrupt the existing marketplace for professional security consultant services by offering a cheaper, more effective crowd-sourced approach? Or are these programs simply a tool for the most advanced, most daring companies to take their security programs to the next level?

[[Media:Rose.pdf | Slides]]
[https://vimeo.com/68107340 Video]

Front Range OWASP Conference 2013/Presentations/AngryCars

2013-06-11T17:39:39Z

Jess Garrett:

===Angry Cars: Hacking the "Car as Platform"===

Renault announced "what it describes as a 'tablet,' an integrated Android device built into its next range of cars, effectively opening the way to the car-as-a-platform. The car is becoming a new platform. We need developers to work on apps." Not to be left behind Ford has introduced the OpenXC platform, which it sees as a channel for collaboration between Ford and 3rd party application developers.

What role will security play in shaping this newly emerging technology, when your car can tweet it needs an oil change? Cars rely heavily on small embedded microprocessors running on a network that was never designed to be secure. This talk will look at the current technologies used CAN bus, OBDII, and tire pressure monitoring systems and demonstrate their inherent weaknesses. What should be considered in the future when most cars will be connected to the Internet?

[[Media:Weaver.pdf | Slides]]
[https://vimeo.com/68071432 Video]

Front Range OWASP Conference 2013/Presentations/AngryCars

2013-06-11T17:38:53Z

Jess Garrett:

Front Range OWASP Conference 2013/Archive

2013-06-11T16:55:52Z

Jess Garrett:

====2013 presentations====

[https://vimeo.com/68058106 Keynote Address: Data Protection for the 21st Century] 
[https://vimeo.com/68058105 Panel Discussion] 
 
'''Technical Track''' 
DevFu: The inner ninja in every application developer
*[[Media:Chrastil.pptx | Slides]]
*[https://vimeo.com/68082818 Video]
Adventures in Large Scale HTTP Header Abuse 
*[[Media:Wolff.pptx | Slides]]
*[https://vimeo.com/68071431 Video]
Angry Cars: Hacking the "Car as Platform" 
*[[Media:Weaver.pdf | Slides]]
*[https://vimeo.com/68071432 Video]
DevOps and Security: It's Happening. Right Now. 
*[[Media:Bravo.pptx | Slides]]
Real World Cloud Application Security 
*[[Media:Chan.pptx | Slides]]
*[https://vimeo.com/68082826 Video]
 
'''Deep-Dive Track''' 
SIP Based Cloud Instances 
*[[Media:Disney-Leugers.odp | Slides]]
*[https://vimeo.com/68091563 Video]
How Malware Attacks Web Applications 
*[[Media:Smith.pdf | Slides]]
*[https://vimeo.com/68107330 Video]
Top Ten Web Application Defenses 
*[[Media:Manico.pdf | Slides]]
*[https://vimeo.com/68091564 Video]
A Demo of and Preventing XSS in .NET Applications 
*[[Media:Conklin.pptx | Slides]]
*[https://vimeo.com/68069847 Video]
Data Mining a Mountain of Zero-Day Vulnerabilities 
*[[Media:Brady.pdf | Slides]]
*[https://vimeo.com/68107333 Video]
 
'''Management Track''' 
Digital Bounty Hunters - Decoding Bug Bounty Programs 
*[[Media:Rose.pdf | Slides]]
*[https://vimeo.com/68107340 Video]
Linking Security to Business Value in the Customer Service Industry 
*[[Media:Rojas.pdf | Slides]]
*[https://vimeo.com/68111318 Video]
Using SaaS and the Cloud to Secure the SDLC 
*[[Media:Earle.pptx | Slides]]
*[https://vimeo.com/68111315 Video]
Measuring Security Best Practices With Open SAMM 
*[[Media:Jex.ppt | Slides]]
*[https://vimeo.com/68082823 Video]
Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix) 
*[[Media:McCoy.pdf | Slides]]
*[https://vimeo.com/68071440 Video]
 
'''Legal Track''' 
Electronic Discovery for System Administrators 
*[[Media:Shumway.pptx | Slides]]
Legal Issues of Forensics in the Cloud 
*[[Media:Willson.pdf | Slides]]
*[https://vimeo.com/68082821 Video]
CISPA: Why Privacy Advocates Hate This Legislation 
*[[Media:Feinroth.pptx | Slides]]
*[https://vimeo.com/68071433 Video]
Crafting a Plan for When Security Fails 
*[[Media:Lelewski.pdf | Slides]]
*[https://vimeo.com/68071439 Video]
Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem 
*[[Media:Glanville.pptx | Slides]]
*[https://vimeo.com/68082819 Video]
 
====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-06-11T16:54:05Z

Jess Garrett:

====2013 presentations====

[https://vimeo.com/68058106 Keynote Address: Data Protection for the 21st Century] 
[https://vimeo.com/68058105 Panel Discussion] 

'''Technical Track''' 
DevFu: The inner ninja in every application developer
*[[Media:Chrastil.pptx | Slides]]
*[https://vimeo.com/68082818 Video]
Adventures in Large Scale HTTP Header Abuse 
*[[Media:Wolff.pptx | Slides]]
*[https://vimeo.com/68071431 Video]
Angry Cars: Hacking the "Car as Platform" 
*[[Media:Weaver.pdf | Slides]]
*[https://vimeo.com/68071432 Video]
DevOps and Security: It's Happening. Right Now. 
*[[Media:Bravo.pptx | Slides]]
Real World Cloud Application Security 
*[[Media:Chan.pptx | Slides]]
*[https://vimeo.com/68082826 Video]
 
'''Deep-Dive Track''' 
SIP Based Cloud Instances 
*[[Media:Disney-Leugers.odp | Slides]]
*[https://vimeo.com/68091563 Video]
How Malware Attacks Web Applications 
*[[Media:Smith.pdf | Slides]]
*[https://vimeo.com/68107330 Video]
Top Ten Web Application Defenses 
*[[Media:Manico.pdf | Slides]]
*[https://vimeo.com/68091564 Video]
A Demo of and Preventing XSS in .NET Applications 
*[[Media:Conklin.pptx | Slides]]
*[https://vimeo.com/68069847 Video]
Data Mining a Mountain of Zero-Day Vulnerabilities 
*[[Media:Brady.pdf | Slides]]
*[https://vimeo.com/68107333 Video]
 
'''Management Track''' 
Digital Bounty Hunters - Decoding Bug Bounty Programs 
*[[Media:Rose.pdf | Slides]]
*[https://vimeo.com/68107340 Video]
Linking Security to Business Value in the Customer Service Industry 
*[[Media:Rojas.pdf | Slides]]
*[https://vimeo.com/68111318 Video]
Using SaaS and the Cloud to Secure the SDLC 
*[[Media:Earle.pptx | Slides]]
*[https://vimeo.com/68111315 Video]
Measuring Security Best Practices With Open SAMM 
*[[Media:Jex.ppt | Slides]]
*[https://vimeo.com/68082823 Video]
Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix) 
*[[Media:McCoy.pdf | Slides]]
*[https://vimeo.com/68071440 Video]
 
'''Legal Track''' 
Electronic Discovery for System Administrators 
*[[Media:Shumway.pptx | Slides]]
Legal Issues of Forensics in the Cloud 
*[[Media:Willson.pdf | Slides]]
*[https://vimeo.com/68082821 Video]
CISPA: Why Privacy Advocates Hate This Legislation 
*[[Media:Feinroth.pptx | Slides]]
*[https://vimeo.com/68071433 Video]
Crafting a Plan for When Security Fails 
*[[Media:Lelewski.pdf | Slides]]
*[https://vimeo.com/68071439 Video]
Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem 
*[[Media:Glanville.pptx | Slides]]
*[https://vimeo.com/68082819 Video]
 
====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Schedule

2013-06-11T16:03:08Z

Jess Garrett:

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)'' [https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']] [[Media: Chrastil.pptx| Slides ]] [https://vimeo.com/68082818 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]'' [[Media: Disney-Leugers.odp| Slides ]] [https://vimeo.com/68091563 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]'' [[Media: Rose.pdf | Slides]] [https://vimeo.com/68107340 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]'' [[Media: Shumway.pptx| Slides ]]
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]'' [[Media: Wolff.pptx| Slides ]] [https://vimeo.com/68071431 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]'' [[Media: Smith.pdf| Slides ]] [https://vimeo.com/68107330 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]'' [[Media: Rojas.pdf | Slides]] [https://vimeo.com/68111318 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]'' [[Media: Willson.pdf| Slides ]] [https://vimeo.com/68082821 Video]
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]'' [[Media: Weaver.pdf | Slides]] [https://vimeo.com/68071432 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]'' [[Media: Manico.pdf | Slides]] [https://vimeo.com/68091564 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]'' [[Media: Earle.pptx| Slides ]] [https://vimeo.com/68111315 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]'' [[Media: Feinroth.pptx| Slides ]] [https://vimeo.com/68071433 Video]
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]'' [[Media: Bravo.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]'' [[Media: Conklin.pptx| Slides ]] [https://vimeo.com/68069847 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]'' [[Media: Jex.ppt| Slides ]] [https://vimeo.com/68082823 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]'' [[Media: Lelewski.pdf| Slides ]] [https://vimeo.com/68071439 Video]
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]'' [[Media: Chan.pptx| Slides ]] [https://vimeo.com/68082826 Video]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]'' [[Media: Brady.pdf| Slides ]] [https://vimeo.com/68107333 Video]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]'' [[Media:McCoy.pdf| Slides ]] [https://vimeo.com/68071440 Video]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]'' [[Media: Glanville.pptx| Slides ]] [https://vimeo.com/68082819 Video]
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Wilson|Dan Wilson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
[https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Archive

2013-06-10T18:16:29Z

Jess Garrett:

====2013 presentations====

[https://vimeo.com/68058106 Keynote Address: Data Protection for the 21st Century] 
[https://vimeo.com/68058105 Panel Discussion] 

'''Technical Track''' 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 
[[Media:Weaver.pdf|Angry Cars: Hacking the "Car as Platform"]] 
[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

'''Deep-Dive Track''' 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Manico.pdf|Top Ten Web Application Defenses]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

'''Management Track''' 
[[Media:Rose.pdf|Digital Bounty Hunters - Decoding Bug Bounty Programs]] 
[[Media:Rojas.pdf|Linking Security to Business Value in the Customer Service Industry]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

'''Legal Track''' 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Schedule

2013-06-10T18:14:28Z

Jess Garrett:

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)'' [https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']] [[Media: Chrastil.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]'' [[Media: Disney-Leugers.odp| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]'' [[Media: Shumway.pptx| Slides ]]
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]'' [[Media: Wolff.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]'' [[Media: Smith.pdf| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]'' [[Media: Willson.pdf| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]'' [[Media: Earle.pptx| Slides ]]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]'' [[Media: Feinroth.pptx| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]'' [[Media: Bravo.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]'' [[Media: Conklin.pptx| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]'' [[Media: Jex.ppt| Slides ]]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]'' [[Media: Lelewski.pdf| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]'' [[Media: Chan.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]'' [[Media: Brady.pdf| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]'' [[Media:McCoy.pdf| Slides ]]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]'' [[Media: Glanville.pptx| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Wilson|Dan Wilson]]
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
[https://vimeo.com/68058105 Video]
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Archive

2013-04-16T15:24:51Z

Jess Garrett:

====2013 presentations====

'''Technical''' 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 
[[Media:Weaver.pdf|Angry Cars: Hacking the "Car as Platform"]] 
[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

'''Deep-Dive''' 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Manico.pdf|Top Ten Web Application Defenses]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

'''Management''' 
[[Media:Rose.pdf|Digital Bounty Hunters - Decoding Bug Bounty Programs]] 
[[Media:Rojas.pdf|Linking Security to Business Value in the Customer Service Industry]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

'''Legal''' 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

File:Rose.pdf

2013-04-16T15:24:35Z

Jess Garrett:

Front Range OWASP Conference 2013/Archive

2013-04-16T15:21:56Z

Jess Garrett:

====2013 presentations====

'''Technical''' 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 
[[Media:Weaver.pdf|Angry Cars: Hacking the "Car as Platform"]] 
[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

'''Deep-Dive''' 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Manico.pdf|Top Ten Web Application Defenses]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

'''Management''' 

[[Media:Rojas.pdf|Linking Security to Business Value in the Customer Service Industry]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

'''Legal''' 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

File:Weaver.pdf

2013-04-16T15:21:33Z

Jess Garrett:

Front Range OWASP Conference 2013/Archive

2013-04-16T15:11:36Z

Jess Garrett:

====2013 presentations====

'''Technical''' 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

'''Deep-Dive''' 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Manico.pdf|Top Ten Web Application Defenses]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

'''Management''' 

[[Media:Rojas.pdf|Linking Security to Business Value in the Customer Service Industry]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

'''Legal''' 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

File:Manico.pdf

2013-04-16T15:10:31Z

Jess Garrett:

Front Range OWASP Conference 2013/Archive

2013-04-16T15:08:03Z

Jess Garrett:

====2013 presentations====

'''Technical''' 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

'''Deep-Dive''' 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 

[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

'''Management''' 

[[Media:Rojas.pdf|Linking Security to Business Value in the Customer Service Industry]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

'''Legal''' 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

File:Rojas.pdf

2013-04-16T15:05:26Z

Jess Garrett:

Front Range OWASP Conference 2013/Schedule

2013-04-09T17:55:43Z

Jess Garrett:

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)''
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']] [[Media: Chrastil.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]'' [[Media: Disney-Leugers.odp| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]'' [[Media: Shumway.pptx| Slides ]]
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]'' [[Media: Wolff.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]'' [[Media: Smith.pdf| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]'' [[Media: Willson.pdf| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]'' [[Media: Earle.pptx| Slides ]]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]'' [[Media: Feinroth.pptx| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]'' [[Media: Bravo.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]'' [[Media: Conklin.pptx| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]'' [[Media: Jex.ppt| Slides ]]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]'' [[Media: Lelewski.pdf| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]'' [[Media: Chan.pptx| Slides ]]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]'' [[Media: Brady.pdf| Slides ]]
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]'' [[Media:McCoy.pdf| Slides ]]
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]'' [[Media: Glanville.pptx| Slides ]]
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
Dan Wilson
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Archive

2013-04-09T17:41:36Z

Jess Garrett:

====2013 presentations====

'''Technical''' 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

'''Deep-Dive''' 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 

[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

'''Management''' 


[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

'''Legal''' 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-04-09T17:41:05Z

Jess Garrett:

====2013 presentations====

''Technical'' 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

''Deep-Dive'' 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 

[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

''Management'' 


[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

''Legal'' 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-04-09T17:27:12Z

Jess Garrett:

====2013 presentations====

Technical 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

Deep-Dive 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 

[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

Management 


[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

Legal 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-04-09T17:26:42Z

Jess Garrett:

====2013 presentations====

Technical
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 

Deep-Dive
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 

[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 

Management


[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 

Legal
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-04-09T17:02:48Z

Jess Garrett:

====2013 presentations====

[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 





====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-04-09T17:02:34Z

Jess Garrett:

====2013 presentations====

[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 






====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-04-09T16:52:22Z

Jess Garrett:

====2013 presentations====

[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

Front Range OWASP Conference 2013/Archive

2013-04-09T16:51:58Z

Jess Garrett:

====2013 presentations====

Presentation materials will be made available upon the conclusion of SnowFROC2013.

[[Media:Brady.pdf|Data Mining a Mountain of Zero-Day Vulnerabilities]] 
[[Media:Chrastil.pptx|DevFu: The inner ninja in every application developer]] 
[[Media:Earle.pptx|Using SaaS and the Cloud to Secure the SDLC]] 
[[Media:Lelewski.pdf|Crafting a Plan for When Security Fails]] 
[[Media:Shumway.pptx|Electronic Discovery for System Administrators]] 
[[Media:Smith.pdf|How Malware Attacks Web Applications]] 
[[Media:Willson.pdf|Legal Issues of Forensics in the Cloud]] 
[[Media:Bravo.pptx|DevOps and Security: It's Happening. Right Now.]] 
[[Media:Chan.pptx|Real World Cloud Application Security]] 
[[Media:Conklin.pptx|A Demo of and Preventing XSS in .NET Applications]] 
[[Media:Disney-Leugers.odp|SIP Based Cloud Instances]] 
[[Media:Feinroth.pptx|CISPA: Why Privacy Advocates Hate This Legislation]] 
[[Media:Glanville.pptx|Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem]] 
[[Media:Jex.ppt|Measuring Security Best Practices With Open SAMM]] 
[[Media:McCoy.pdf|Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)]] 
[[Media:Wolff.pptx|Adventures in Large Scale HTTP Header Abuse]] 

====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].