OWASP - User contributions [en]

OWASP NYC AppSec 2008 Conference

2008-08-29T17:24:57Z

Mdontamsetti: /* 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th */

= 2008 OWASP USA, NYC =
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}

<center> Scroll down to see speaker agenda, and training options </center>

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/6/61/Banner2_irfan.jpg]</center>
 
<hr>
<center>[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg] 
 [https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Platinum Sponsor] - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] - [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center> 
[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Gold, Silver & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.foundstone.com/us/education-overview.asp http://www.owasp.org/images/2/26/Foundstone.jpg] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
[http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.arctecgroup.net http://www.owasp.org/images/b/bf/Arctec.jpg] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
[http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] ~ [http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf http://www.owasp.org/images/f/f8/Sponsorsm.gif]
 
<center>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities] -- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>
<hr>
With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 Members / $400 Non-Members / $200 for Students. [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#OWASP_NYC_AppSec_2008_Training_Courses_-_September_22nd_and_23rd.2C_2008 2 days of hands on training classes] are also available.
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]
 
</center>
OWASP NYC's conference offers tracks for security and development professionals interested in learning how to secure applications and enterprises as well as organization leaders who want to learn more about the state of the appsec industry and its trends. With two days of training and two days of sessions discussing cutting edge research presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture.

== 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
<center>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</center>
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
| style="width:30%; background:#BCA57A" | Track 2:
| style="width:30%; background:#99FF99" | Track 3:
|-
| style="width:10%; background:#7B8ABD" | 07:30-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Attendee/Speaker Registration & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, where we are.. where we are going
''OWASP Foundation: [http://www.owasp.org/index.php/Contact Jeff Williams], [http://www.owasp.org/index.php/Contact Dinis Cruz], [http://www.owasp.org/index.php/Contact Dave Wichers], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.owasp.org/index.php/Contact Sebastien Deleersnyder], [http://www.owasp.org/index.php/Contact Paulo Coimbra], [http://www.owasp.org/index.php/Contact Kate Hartmann], [http://www.owasp.org/index.php/Contact Alison Shrader] & [http://www.owasp.org/index.php/Category:OWASP_Chapter#Chapter_Support_Materials all local chapter leaders]
''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)]
''[http://blog.shezaf.com Ofer Shezaf]''
| style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map] 
''[http://joesecurity.blogspot.com Joe White]''
| style="width:30%; background:#99FF99" align="left" |[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]
''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | Web Security Education using Open Source Tools
''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''
| style="width:30%; background:#BCA57A" align="left" | Http Bot Research
''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''
| style="width:30%; background:#99FF99" align="left" | MalSpam Research
'' [http://www.knujon.com/bios.html Garth Bruen]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
''LUNCH - Provided by event sponsors @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:30%; background:#BC857A" align="left" | Cross-Site Scripting Filter Evasion
''Alexios Fakos''
| style="width:30%; background:#BCA57A" align="left" | Framework-level Threat Analysis: Adding Science to the Art of Source-code review
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-rohit-sethi Rohit Sethi] & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni Sahba Kazerooni]''
| style="width:30%; background:#99FF99" align="left" | Automated Web-based Malware Behavioral Analysis
''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | OWASP Testing Guide - Offensive Assessing Financial Applications
'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
| style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
''[http://www.breach.com/company/executive-team/ Ivan Ristic]''
| style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications
''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''

|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Critical exploits... let us count the ways
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen],''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI]
''[http://www.linkedin.com/in/adamboulton Adam Boulton]''
| style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, [http://www.linkedin.com/pub/5/658/872 Tom King] CISO, Barclays Capital, [http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti] Moderator''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
''[http://www.securisksolutions.com/company/execmgt.aspx Mano Paul]''
| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
''Gunter Ollmann''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''
| style="width:30%; background:#BCA57A" align="left" | Shootout @ Blackbox Corral
''Larry Suto ''
| style="width:30%; background:#99FF99" align="left" | Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="left" | Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
'' [http://www.linkedin.com/in/arianevans Arian Evans]''
| style="width:30%; background:#BCA57A" align="left" |Shhhh Don’t Tell Anybody
''[http://www.linkedin.com/in/ppetkov Petko D. Petkov]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af - A Framework to own the web]
''Andres Riancho''
|-
| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
'' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
| style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar Dr. B. V. Kumar] & [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav Mr. Abhay Bhargav]''
|-
| style="width:10%; background:#7B8ABD" | 20:00-23:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP NYC AppSec 2008 VIP Party
''Location: TBD''
|-
! colspan="10" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
|-
| style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo

|-
| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="left" | Software Development: The Last Security Frontier
''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior
Executive Director and member of the Board of Directors, (ISC)²''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls Best Practices Guide: Web Application Firewalls]
''Alexander Meisel''
| style="width:30%; background:#99FF99" align="left" | The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
''[http://www.linkedin.com/in/tommyryan Thomas Ryan]'' & ''[http://www.linkedin.com/in/steveantoniewicz Steve Antoniewicz]''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="left" | [http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html APPSEC Red/Tiger Team Projects]
''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''
| style="width:30%; background:#BCA57A" align="left" | OWASP "Google Hacking" Project
''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''
| style="width:30%; background:#99FF99" align="left" | OWASP Web Services Top Ten
''[http://1raindrop.typepad.com Gunnar Peterson]''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | Lets talk about OWASP....
''Dinis Cruz''
| style="width:30%; background:#BCA57A" align="left" | "Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]
''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''
| style="width:30%; background:#99FF99" align="left" | Industry Analyst with Forrester Research
''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP (Comprehensive, Lightweight Application Security Process)]
''Pravir Chandra''
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''
| style="width:30%; background:#99FF99" align="left" | Secure Software Impact
''[http://ouncelabs.com/company/team.asp Jack Danahy]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Security in Agile Development
''[http://www.owasp.org/index.php/User:Wichers Dave Wichers]''
| style="width:30%; background:#BCA57A" align="left" | Security of Software-as-a-Service (SaaS)
''[http://www.linkedin.com/pub/6/372/45a James Landis]''
| style="width:30%; background:#99FF99" align="left" | [http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]
''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Status
''LUNCH - Provided @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Security Research Report
''[http://www.linkedin.com/pub/5/742/233 Dinis Cruz]''
| style="width:30%; background:#BCA57A" align="left" | Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
''Trey Ford, Tom Brennan, Jeremiah Grossman''
| style="width:30%; background:#99FF99" align="left" | [https://www.owasp.org/index.php/User_talk:Jian Lotus Notes/Domino Web Application Security]
''[https://www.owasp.org/index.php/User_talk:Jian Jian Hui Wang]''
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
''John Steven''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The Owasp Orizon Project: towards version 1.0]
[https://www.owasp.org/index.php/User:Thesp0nge Paolo Perego]
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Building_Usable_Security Building Usable Security]
[http://www.owasp.org/index.php/Zed_Abbadi Zed Abbadi]
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Input_validation:_the_Good%2C_the_Bad_and_the_Ugly Input validation: the Good, the Bad and the Ugly]
''[http://johanpeeters.com Johan Peeters]''
| style="width:30%; background:#BCA57A" align="left" | Off-shoring Application Development? Security is Still Your Problem
''Rohyt Belani''
| style="width:30%; background:#99FF99" align="left" | [[NIST SAMATE Static Analysis Tool Exposition (SATE)]]
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-vadim-okun Vadim Okun]''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | Vulnerabilities in application interpreters and runtimes
''Erik Cabetas''
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
''Ayal Yogev & Adi Sharabani''
| style="width:30%; background:#99FF99" align="left" | Mastering PCI Section 6.6
''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Wizdom of Crowds / CTF Awards & Raffles'''
|-
| style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting
|}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>

== Technology Pavilion - September 24th and 25th ==

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th. 2 full days of exhibits by service providers and manufacturers from around the world.

Do you want to preview the event space [http://www.flickr.com/photos/21550725@N04/sets/72157604662279903/detail Click Here]

<hr>

== CPE Credits ==

Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

'''The CISM cpe policy (www.isaca.org/cismcpepolicy) states''':

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

'''Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC'''

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows:
Training Courses: September 22-23, 2008
• 16 CPE units for 2 days of training (Monday - Tuesday)
• 8 CPE units for 1 day of training (Monday or Tuesday Only)
Conferences: September 24-25, 2008
Earn 1 CPE per hour of conference attendance

== [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
|-
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
|-
| style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
# Java EE security overview,
# All coding examples and recommendations are specifically focused on Java and Java servers, and
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Dave Wichers: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
|-
! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
|-
| style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Eric Sheridan: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: John Pavone: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"
|-
! align="center" style="background:#4058A0; color:white" | T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
|-
| style="background:#F2F2F2" | Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: Arshan Dabirsiaghi: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"

! align="center" style="background:#4058A0; color:white" | T8. Writing Secure Code ASP.NET - 2-Days - $1350
|-
| style="background:#F2F2F2" | Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Conlultant, Alex Smolen. [http://www.foundstone.com/us/education-overview.asp https://www.owasp.org/images/2/26/Foundstone.jpg]
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotels in the area of the event]

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]

OWASP NYC AppSec 2008 Conference

2008-08-29T17:23:54Z

Mdontamsetti: /* 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th */

= 2008 OWASP USA, NYC =
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}

<center> Scroll down to see speaker agenda, and training options </center>

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/6/61/Banner2_irfan.jpg]</center>
 
<hr>
<center>[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg] 
 [https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Platinum Sponsor] - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] - [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center> 
[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Gold, Silver & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.foundstone.com/us/education-overview.asp http://www.owasp.org/images/2/26/Foundstone.jpg] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
[http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.arctecgroup.net http://www.owasp.org/images/b/bf/Arctec.jpg] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
[http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] ~ [http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf http://www.owasp.org/images/f/f8/Sponsorsm.gif]
 
<center>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities] -- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>
<hr>
With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 Members / $400 Non-Members / $200 for Students. [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#OWASP_NYC_AppSec_2008_Training_Courses_-_September_22nd_and_23rd.2C_2008 2 days of hands on training classes] are also available.
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]
 
</center>
OWASP NYC's conference offers tracks for security and development professionals interested in learning how to secure applications and enterprises as well as organization leaders who want to learn more about the state of the appsec industry and its trends. With two days of training and two days of sessions discussing cutting edge research presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture.

== 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
<center>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</center>
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
| style="width:30%; background:#BCA57A" | Track 2:
| style="width:30%; background:#99FF99" | Track 3:
|-
| style="width:10%; background:#7B8ABD" | 07:30-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Attendee/Speaker Registration & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, where we are.. where we are going
''OWASP Foundation: [http://www.owasp.org/index.php/Contact Jeff Williams], [http://www.owasp.org/index.php/Contact Dinis Cruz], [http://www.owasp.org/index.php/Contact Dave Wichers], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.owasp.org/index.php/Contact Sebastien Deleersnyder], [http://www.owasp.org/index.php/Contact Paulo Coimbra], [http://www.owasp.org/index.php/Contact Kate Hartmann], [http://www.owasp.org/index.php/Contact Alison Shrader] & [http://www.owasp.org/index.php/Category:OWASP_Chapter#Chapter_Support_Materials all local chapter leaders]
''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)]
''[http://blog.shezaf.com Ofer Shezaf]''
| style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map] 
''[http://joesecurity.blogspot.com Joe White]''
| style="width:30%; background:#99FF99" align="left" |[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]
''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | Web Security Education using Open Source Tools
''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''
| style="width:30%; background:#BCA57A" align="left" | Http Bot Research
''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''
| style="width:30%; background:#99FF99" align="left" | MalSpam Research
'' [http://www.knujon.com/bios.html Garth Bruen]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
''LUNCH - Provided by event sponsors @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:30%; background:#BC857A" align="left" | Cross-Site Scripting Filter Evasion
''Alexios Fakos''
| style="width:30%; background:#BCA57A" align="left" | Framework-level Threat Analysis: Adding Science to the Art of Source-code review
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-rohit-sethi Rohit Sethi] & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni Sahba Kazerooni]''
| style="width:30%; background:#99FF99" align="left" | Automated Web-based Malware Behavioral Analysis
''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | OWASP Testing Guide - Offensive Assessing Financial Applications
'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
| style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
''[http://www.breach.com/company/executive-team/ Ivan Ristic]''
| style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications
''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''

|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Critical exploits... let us count the ways
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen],''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI]
''[http://www.linkedin.com/in/adamboulton Adam Boulton]''
| style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers[http://www.linkedin.com/pub/5/658/872 Tom King] CISO, Barclays Capital, [http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti] Moderator''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
''[http://www.securisksolutions.com/company/execmgt.aspx Mano Paul]''
| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
''Gunter Ollmann''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''
| style="width:30%; background:#BCA57A" align="left" | Shootout @ Blackbox Corral
''Larry Suto ''
| style="width:30%; background:#99FF99" align="left" | Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="left" | Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
'' [http://www.linkedin.com/in/arianevans Arian Evans]''
| style="width:30%; background:#BCA57A" align="left" |Shhhh Don’t Tell Anybody
''[http://www.linkedin.com/in/ppetkov Petko D. Petkov]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af - A Framework to own the web]
''Andres Riancho''
|-
| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
'' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
| style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar Dr. B. V. Kumar] & [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav Mr. Abhay Bhargav]''
|-
| style="width:10%; background:#7B8ABD" | 20:00-23:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP NYC AppSec 2008 VIP Party
''Location: TBD''
|-
! colspan="10" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
|-
| style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo

|-
| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="left" | Software Development: The Last Security Frontier
''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior
Executive Director and member of the Board of Directors, (ISC)²''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls Best Practices Guide: Web Application Firewalls]
''Alexander Meisel''
| style="width:30%; background:#99FF99" align="left" | The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
''[http://www.linkedin.com/in/tommyryan Thomas Ryan]'' & ''[http://www.linkedin.com/in/steveantoniewicz Steve Antoniewicz]''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="left" | [http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html APPSEC Red/Tiger Team Projects]
''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''
| style="width:30%; background:#BCA57A" align="left" | OWASP "Google Hacking" Project
''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''
| style="width:30%; background:#99FF99" align="left" | OWASP Web Services Top Ten
''[http://1raindrop.typepad.com Gunnar Peterson]''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | Lets talk about OWASP....
''Dinis Cruz''
| style="width:30%; background:#BCA57A" align="left" | "Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]
''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''
| style="width:30%; background:#99FF99" align="left" | Industry Analyst with Forrester Research
''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP (Comprehensive, Lightweight Application Security Process)]
''Pravir Chandra''
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''
| style="width:30%; background:#99FF99" align="left" | Secure Software Impact
''[http://ouncelabs.com/company/team.asp Jack Danahy]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Security in Agile Development
''[http://www.owasp.org/index.php/User:Wichers Dave Wichers]''
| style="width:30%; background:#BCA57A" align="left" | Security of Software-as-a-Service (SaaS)
''[http://www.linkedin.com/pub/6/372/45a James Landis]''
| style="width:30%; background:#99FF99" align="left" | [http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]
''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Status
''LUNCH - Provided @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Security Research Report
''[http://www.linkedin.com/pub/5/742/233 Dinis Cruz]''
| style="width:30%; background:#BCA57A" align="left" | Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
''Trey Ford, Tom Brennan, Jeremiah Grossman''
| style="width:30%; background:#99FF99" align="left" | [https://www.owasp.org/index.php/User_talk:Jian Lotus Notes/Domino Web Application Security]
''[https://www.owasp.org/index.php/User_talk:Jian Jian Hui Wang]''
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
''John Steven''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The Owasp Orizon Project: towards version 1.0]
[https://www.owasp.org/index.php/User:Thesp0nge Paolo Perego]
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Building_Usable_Security Building Usable Security]
[http://www.owasp.org/index.php/Zed_Abbadi Zed Abbadi]
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Input_validation:_the_Good%2C_the_Bad_and_the_Ugly Input validation: the Good, the Bad and the Ugly]
''[http://johanpeeters.com Johan Peeters]''
| style="width:30%; background:#BCA57A" align="left" | Off-shoring Application Development? Security is Still Your Problem
''Rohyt Belani''
| style="width:30%; background:#99FF99" align="left" | [[NIST SAMATE Static Analysis Tool Exposition (SATE)]]
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-vadim-okun Vadim Okun]''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | Vulnerabilities in application interpreters and runtimes
''Erik Cabetas''
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
''Ayal Yogev & Adi Sharabani''
| style="width:30%; background:#99FF99" align="left" | Mastering PCI Section 6.6
''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Wizdom of Crowds / CTF Awards & Raffles'''
|-
| style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting
|}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>

== Technology Pavilion - September 24th and 25th ==

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th. 2 full days of exhibits by service providers and manufacturers from around the world.

Do you want to preview the event space [http://www.flickr.com/photos/21550725@N04/sets/72157604662279903/detail Click Here]

<hr>

== CPE Credits ==

Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

'''The CISM cpe policy (www.isaca.org/cismcpepolicy) states''':

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

'''Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC'''

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows:
Training Courses: September 22-23, 2008
• 16 CPE units for 2 days of training (Monday - Tuesday)
• 8 CPE units for 1 day of training (Monday or Tuesday Only)
Conferences: September 24-25, 2008
Earn 1 CPE per hour of conference attendance

== [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
|-
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
|-
| style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
# Java EE security overview,
# All coding examples and recommendations are specifically focused on Java and Java servers, and
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Dave Wichers: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
|-
! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
|-
| style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Eric Sheridan: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: John Pavone: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"
|-
! align="center" style="background:#4058A0; color:white" | T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
|-
| style="background:#F2F2F2" | Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: Arshan Dabirsiaghi: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"

! align="center" style="background:#4058A0; color:white" | T8. Writing Secure Code ASP.NET - 2-Days - $1350
|-
| style="background:#F2F2F2" | Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Conlultant, Alex Smolen. [http://www.foundstone.com/us/education-overview.asp https://www.owasp.org/images/2/26/Foundstone.jpg]
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotels in the area of the event]

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]

OWASP NYC AppSec 2008 Conference

2008-08-29T17:22:00Z

Mdontamsetti: /* 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th */

= 2008 OWASP USA, NYC =
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}

<center> Scroll down to see speaker agenda, and training options </center>

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/6/61/Banner2_irfan.jpg]</center>
 
<hr>
<center>[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg] 
 [https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Platinum Sponsor] - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] - [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center> 
[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Gold, Silver & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.foundstone.com/us/education-overview.asp http://www.owasp.org/images/2/26/Foundstone.jpg] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
[http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.arctecgroup.net http://www.owasp.org/images/b/bf/Arctec.jpg] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
[http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] ~ [http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf http://www.owasp.org/images/f/f8/Sponsorsm.gif]
 
<center>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities] -- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>
<hr>
With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 Members / $400 Non-Members / $200 for Students. [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#OWASP_NYC_AppSec_2008_Training_Courses_-_September_22nd_and_23rd.2C_2008 2 days of hands on training classes] are also available.
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]
 
</center>
OWASP NYC's conference offers tracks for security and development professionals interested in learning how to secure applications and enterprises as well as organization leaders who want to learn more about the state of the appsec industry and its trends. With two days of training and two days of sessions discussing cutting edge research presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture.

== 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
<center>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</center>
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
| style="width:30%; background:#BCA57A" | Track 2:
| style="width:30%; background:#99FF99" | Track 3:
|-
| style="width:10%; background:#7B8ABD" | 07:30-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Attendee/Speaker Registration & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, where we are.. where we are going
''OWASP Foundation: [http://www.owasp.org/index.php/Contact Jeff Williams], [http://www.owasp.org/index.php/Contact Dinis Cruz], [http://www.owasp.org/index.php/Contact Dave Wichers], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.owasp.org/index.php/Contact Sebastien Deleersnyder], [http://www.owasp.org/index.php/Contact Paulo Coimbra], [http://www.owasp.org/index.php/Contact Kate Hartmann], [http://www.owasp.org/index.php/Contact Alison Shrader] & [http://www.owasp.org/index.php/Category:OWASP_Chapter#Chapter_Support_Materials all local chapter leaders]
''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)]
''[http://blog.shezaf.com Ofer Shezaf]''
| style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map] 
''[http://joesecurity.blogspot.com Joe White]''
| style="width:30%; background:#99FF99" align="left" |[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]
''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | Web Security Education using Open Source Tools
''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''
| style="width:30%; background:#BCA57A" align="left" | Http Bot Research
''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''
| style="width:30%; background:#99FF99" align="left" | MalSpam Research
'' [http://www.knujon.com/bios.html Garth Bruen]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
''LUNCH - Provided by event sponsors @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:30%; background:#BC857A" align="left" | Cross-Site Scripting Filter Evasion
''Alexios Fakos''
| style="width:30%; background:#BCA57A" align="left" | Framework-level Threat Analysis: Adding Science to the Art of Source-code review
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-rohit-sethi Rohit Sethi] & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni Sahba Kazerooni]''
| style="width:30%; background:#99FF99" align="left" | Automated Web-based Malware Behavioral Analysis
''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | OWASP Testing Guide - Offensive Assessing Financial Applications
'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
| style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
''[http://www.breach.com/company/executive-team/ Ivan Ristic]''
| style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications
''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''

|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Critical exploits... let us count the ways
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen],''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI]
''[http://www.linkedin.com/in/adamboulton Adam Boulton]''
| style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers[http://www.linkedin.com/pub/5/658/872 Tom King] CISO, Barclays Capital, [http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti] Moderator''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
''[http://www.securisksolutions.com/company/execmgt.aspx Mano Paul]''
| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
''Gunter Ollmann''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''
| style="width:30%; background:#BCA57A" align="left" | Shootout @ Blackbox Corral
''Larry Suto ''
| style="width:30%; background:#99FF99" align="left" | Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="left" | Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
'' [http://www.linkedin.com/in/arianevans Arian Evans]''
| style="width:30%; background:#BCA57A" align="left" |Shhhh Don’t Tell Anybody
''[http://www.linkedin.com/in/ppetkov Petko D. Petkov]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af - A Framework to own the web]
''Andres Riancho''
|-
| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
'' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
| style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar Dr. B. V. Kumar] & [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav Mr. Abhay Bhargav]''
|-
| style="width:10%; background:#7B8ABD" | 20:00-23:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP NYC AppSec 2008 VIP Party
''Location: TBD''
|-
! colspan="10" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
|-
| style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo

|-
| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="left" | Software Development: The Last Security Frontier
''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior
Executive Director and member of the Board of Directors, (ISC)²''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls Best Practices Guide: Web Application Firewalls]
''Alexander Meisel''
| style="width:30%; background:#99FF99" align="left" | The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
''[http://www.linkedin.com/in/tommyryan Thomas Ryan]'' & ''[http://www.linkedin.com/in/steveantoniewicz Steve Antoniewicz]''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="left" | [http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html APPSEC Red/Tiger Team Projects]
''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''
| style="width:30%; background:#BCA57A" align="left" | OWASP "Google Hacking" Project
''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''
| style="width:30%; background:#99FF99" align="left" | OWASP Web Services Top Ten
''[http://1raindrop.typepad.com Gunnar Peterson]''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | Lets talk about OWASP....
''Dinis Cruz''
| style="width:30%; background:#BCA57A" align="left" | "Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]
''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''
| style="width:30%; background:#99FF99" align="left" | Industry Analyst with Forrester Research
''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP (Comprehensive, Lightweight Application Security Process)]
''Pravir Chandra''
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''
| style="width:30%; background:#99FF99" align="left" | Secure Software Impact
''[http://ouncelabs.com/company/team.asp Jack Danahy]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Security in Agile Development
''[http://www.owasp.org/index.php/User:Wichers Dave Wichers]''
| style="width:30%; background:#BCA57A" align="left" | Security of Software-as-a-Service (SaaS)
''[http://www.linkedin.com/pub/6/372/45a James Landis]''
| style="width:30%; background:#99FF99" align="left" | [http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]
''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Status
''LUNCH - Provided @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Security Research Report
''[http://www.linkedin.com/pub/5/742/233 Dinis Cruz]''
| style="width:30%; background:#BCA57A" align="left" | Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
''Trey Ford, Tom Brennan, Jeremiah Grossman''
| style="width:30%; background:#99FF99" align="left" | [https://www.owasp.org/index.php/User_talk:Jian Lotus Notes/Domino Web Application Security]
''[https://www.owasp.org/index.php/User_talk:Jian Jian Hui Wang]''
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
''John Steven''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The Owasp Orizon Project: towards version 1.0]
[https://www.owasp.org/index.php/User:Thesp0nge Paolo Perego]
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Building_Usable_Security Building Usable Security]
[http://www.owasp.org/index.php/Zed_Abbadi Zed Abbadi]
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Input_validation:_the_Good%2C_the_Bad_and_the_Ugly Input validation: the Good, the Bad and the Ugly]
''[http://johanpeeters.com Johan Peeters]''
| style="width:30%; background:#BCA57A" align="left" | Off-shoring Application Development? Security is Still Your Problem
''Rohyt Belani''
| style="width:30%; background:#99FF99" align="left" | [[NIST SAMATE Static Analysis Tool Exposition (SATE)]]
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-vadim-okun Vadim Okun]''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | Vulnerabilities in application interpreters and runtimes
''Erik Cabetas''
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
''Ayal Yogev & Adi Sharabani''
| style="width:30%; background:#99FF99" align="left" | Mastering PCI Section 6.6
''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Wizdom of Crowds / CTF Awards & Raffles'''
|-
| style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting
|}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>

== Technology Pavilion - September 24th and 25th ==

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th. 2 full days of exhibits by service providers and manufacturers from around the world.

Do you want to preview the event space [http://www.flickr.com/photos/21550725@N04/sets/72157604662279903/detail Click Here]

<hr>

== CPE Credits ==

Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

'''The CISM cpe policy (www.isaca.org/cismcpepolicy) states''':

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

'''Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC'''

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows:
Training Courses: September 22-23, 2008
• 16 CPE units for 2 days of training (Monday - Tuesday)
• 8 CPE units for 1 day of training (Monday or Tuesday Only)
Conferences: September 24-25, 2008
Earn 1 CPE per hour of conference attendance

== [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
|-
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
|-
| style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
# Java EE security overview,
# All coding examples and recommendations are specifically focused on Java and Java servers, and
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Dave Wichers: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
|-
! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
|-
| style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Eric Sheridan: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: John Pavone: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"
|-
! align="center" style="background:#4058A0; color:white" | T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
|-
| style="background:#F2F2F2" | Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: Arshan Dabirsiaghi: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"

! align="center" style="background:#4058A0; color:white" | T8. Writing Secure Code ASP.NET - 2-Days - $1350
|-
| style="background:#F2F2F2" | Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Conlultant, Alex Smolen. [http://www.foundstone.com/us/education-overview.asp https://www.owasp.org/images/2/26/Foundstone.jpg]
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotels in the area of the event]

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]

OWASP NYC AppSec 2008 Conference

2008-08-29T17:15:47Z

Mdontamsetti: /* 2008 OWASP USA, NYC */

= 2008 OWASP USA, NYC =
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}

<center> Scroll down to see speaker agenda, and training options </center>

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/6/61/Banner2_irfan.jpg]</center>
 
<hr>
<center>[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg] 
 [https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Platinum Sponsor] - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] - [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center> 
[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Gold, Silver & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.foundstone.com/us/education-overview.asp http://www.owasp.org/images/2/26/Foundstone.jpg] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
[http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.arctecgroup.net http://www.owasp.org/images/b/bf/Arctec.jpg] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
[http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] ~ [http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf http://www.owasp.org/images/f/f8/Sponsorsm.gif]
 
<center>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities] -- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>
<hr>
With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 Members / $400 Non-Members / $200 for Students. [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#OWASP_NYC_AppSec_2008_Training_Courses_-_September_22nd_and_23rd.2C_2008 2 days of hands on training classes] are also available.
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]
 
</center>
OWASP NYC's conference offers tracks for security and development professionals interested in learning how to secure applications and enterprises as well as organization leaders who want to learn more about the state of the appsec industry and its trends. With two days of training and two days of sessions discussing cutting edge research presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture.

== 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
<center>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</center>
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
| style="width:30%; background:#BCA57A" | Track 2:
| style="width:30%; background:#99FF99" | Track 3:
|-
| style="width:10%; background:#7B8ABD" | 07:30-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Attendee/Speaker Registration & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, where we are.. where we are going
''OWASP Foundation: [http://www.owasp.org/index.php/Contact Jeff Williams], [http://www.owasp.org/index.php/Contact Dinis Cruz], [http://www.owasp.org/index.php/Contact Dave Wichers], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.owasp.org/index.php/Contact Sebastien Deleersnyder], [http://www.owasp.org/index.php/Contact Paulo Coimbra], [http://www.owasp.org/index.php/Contact Kate Hartmann], [http://www.owasp.org/index.php/Contact Alison Shrader] & [http://www.owasp.org/index.php/Category:OWASP_Chapter#Chapter_Support_Materials all local chapter leaders]
''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)]
''[http://blog.shezaf.com Ofer Shezaf]''
| style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map] 
''[http://joesecurity.blogspot.com Joe White]''
| style="width:30%; background:#99FF99" align="left" |[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]
''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | Web Security Education using Open Source Tools
''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''
| style="width:30%; background:#BCA57A" align="left" | Http Bot Research
''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''
| style="width:30%; background:#99FF99" align="left" | MalSpam Research
'' [http://www.knujon.com/bios.html Garth Bruen]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
''LUNCH - Provided by event sponsors @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:30%; background:#BC857A" align="left" | Cross-Site Scripting Filter Evasion
''Alexios Fakos''
| style="width:30%; background:#BCA57A" align="left" | Framework-level Threat Analysis: Adding Science to the Art of Source-code review
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-rohit-sethi Rohit Sethi] & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni Sahba Kazerooni]''
| style="width:30%; background:#99FF99" align="left" | Automated Web-based Malware Behavioral Analysis
''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | OWASP Testing Guide - Offensive Assessing Financial Applications
'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
| style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
''[http://www.breach.com/company/executive-team/ Ivan Ristic]''
| style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications
''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''

|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Critical exploits... let us count the ways
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen],''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI]
''[http://www.linkedin.com/in/adamboulton Adam Boulton]''
| style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers,
Tom King CISO, Barclays Capital, [http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti] Moderator''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
''[http://www.securisksolutions.com/company/execmgt.aspx Mano Paul]''
| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
''Gunter Ollmann''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''
| style="width:30%; background:#BCA57A" align="left" | Shootout @ Blackbox Corral
''Larry Suto ''
| style="width:30%; background:#99FF99" align="left" | Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="left" | Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
'' [http://www.linkedin.com/in/arianevans Arian Evans]''
| style="width:30%; background:#BCA57A" align="left" |Shhhh Don’t Tell Anybody
''[http://www.linkedin.com/in/ppetkov Petko D. Petkov]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af - A Framework to own the web]
''Andres Riancho''
|-
| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
'' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
| style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar Dr. B. V. Kumar] & [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav Mr. Abhay Bhargav]''
|-
| style="width:10%; background:#7B8ABD" | 20:00-23:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP NYC AppSec 2008 VIP Party
''Location: TBD''
|-
! colspan="10" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
|-
| style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo

|-
| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="left" | Software Development: The Last Security Frontier
''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior
Executive Director and member of the Board of Directors, (ISC)²''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls Best Practices Guide: Web Application Firewalls]
''Alexander Meisel''
| style="width:30%; background:#99FF99" align="left" | The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
''[http://www.linkedin.com/in/tommyryan Thomas Ryan]'' & ''[http://www.linkedin.com/in/steveantoniewicz Steve Antoniewicz]''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="left" | [http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html APPSEC Red/Tiger Team Projects]
''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''
| style="width:30%; background:#BCA57A" align="left" | OWASP "Google Hacking" Project
''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''
| style="width:30%; background:#99FF99" align="left" | OWASP Web Services Top Ten
''[http://1raindrop.typepad.com Gunnar Peterson]''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | Lets talk about OWASP....
''Dinis Cruz''
| style="width:30%; background:#BCA57A" align="left" | "Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]
''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''
| style="width:30%; background:#99FF99" align="left" | Industry Analyst with Forrester Research
''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP (Comprehensive, Lightweight Application Security Process)]
''Pravir Chandra''
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''
| style="width:30%; background:#99FF99" align="left" | Secure Software Impact
''[http://ouncelabs.com/company/team.asp Jack Danahy]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Security in Agile Development
''[http://www.owasp.org/index.php/User:Wichers Dave Wichers]''
| style="width:30%; background:#BCA57A" align="left" | Security of Software-as-a-Service (SaaS)
''[http://www.linkedin.com/pub/6/372/45a James Landis]''
| style="width:30%; background:#99FF99" align="left" | [http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]
''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Status
''LUNCH - Provided @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Security Research Report
''[http://www.linkedin.com/pub/5/742/233 Dinis Cruz]''
| style="width:30%; background:#BCA57A" align="left" | Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
''Trey Ford, Tom Brennan, Jeremiah Grossman''
| style="width:30%; background:#99FF99" align="left" | [https://www.owasp.org/index.php/User_talk:Jian Lotus Notes/Domino Web Application Security]
''[https://www.owasp.org/index.php/User_talk:Jian Jian Hui Wang]''
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
''John Steven''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The Owasp Orizon Project: towards version 1.0]
[https://www.owasp.org/index.php/User:Thesp0nge Paolo Perego]
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Building_Usable_Security Building Usable Security]
[http://www.owasp.org/index.php/Zed_Abbadi Zed Abbadi]
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Input_validation:_the_Good%2C_the_Bad_and_the_Ugly Input validation: the Good, the Bad and the Ugly]
''[http://johanpeeters.com Johan Peeters]''
| style="width:30%; background:#BCA57A" align="left" | Off-shoring Application Development? Security is Still Your Problem
''Rohyt Belani''
| style="width:30%; background:#99FF99" align="left" | [[NIST SAMATE Static Analysis Tool Exposition (SATE)]]
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-vadim-okun Vadim Okun]''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | Vulnerabilities in application interpreters and runtimes
''Erik Cabetas''
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
''Ayal Yogev & Adi Sharabani''
| style="width:30%; background:#99FF99" align="left" | Mastering PCI Section 6.6
''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Wizdom of Crowds / CTF Awards & Raffles'''
|-
| style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting
|}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>

== Technology Pavilion - September 24th and 25th ==

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th. 2 full days of exhibits by service providers and manufacturers from around the world.

Do you want to preview the event space [http://www.flickr.com/photos/21550725@N04/sets/72157604662279903/detail Click Here]

<hr>

== CPE Credits ==

Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

'''The CISM cpe policy (www.isaca.org/cismcpepolicy) states''':

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

'''Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC'''

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows:
Training Courses: September 22-23, 2008
• 16 CPE units for 2 days of training (Monday - Tuesday)
• 8 CPE units for 1 day of training (Monday or Tuesday Only)
Conferences: September 24-25, 2008
Earn 1 CPE per hour of conference attendance

== [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
|-
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
|-
| style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
# Java EE security overview,
# All coding examples and recommendations are specifically focused on Java and Java servers, and
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Dave Wichers: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
|-
! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
|-
| style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Eric Sheridan: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: John Pavone: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"
|-
! align="center" style="background:#4058A0; color:white" | T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
|-
| style="background:#F2F2F2" | Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: Arshan Dabirsiaghi: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"

! align="center" style="background:#4058A0; color:white" | T8. Writing Secure Code ASP.NET - 2-Days - $1350
|-
| style="background:#F2F2F2" | Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Conlultant, Alex Smolen. [http://www.foundstone.com/us/education-overview.asp https://www.owasp.org/images/2/26/Foundstone.jpg]
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotels in the area of the event]

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]

OWASP NYC AppSec 2008 Conference

2008-07-18T19:30:06Z

Mdontamsetti: /* 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th */

= 2008 OWASP USA, NYC =
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/6/61/Banner2_irfan.jpg]</center>
 
<hr>
<center>[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Diamond Sponsor] 1/1 - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg] 
 [https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Platinum Sponsor] 2/3 - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] - [http://www.cenzic.com/ https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] - [http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf http://www.owasp.org/images/f/f8/Sponsorsm.gif] </center> 
[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Gold, Silver & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.foundstone.com/us/education-overview.asp http://www.owasp.org/images/2/26/Foundstone.jpg] - [http://www.proactiverisk.com https://www.owasp.org/images/9/97/Proactiverisk_logo.jpg] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] - [http://www.arctecgroup.net http://www.owasp.org/images/b/bf/Arctec.jpg] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] ~ [http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf http://www.owasp.org/images/f/f8/Sponsorsm.gif]
 
<center>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities] -- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>
<hr>
In association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 Members / $400 Non-Members / $200 for Students for [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#OWASP_NYC_AppSec_2008_Training_Courses_-_September_22nd_and_23rd.2C_2008 2 days of hands on training classes] are also available.
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]
To Get more involved and discuss this upcoming event [http://owaspfoundation.ning.com click here for forums] or visit other OWASP [http://www.owasp.org/index.php/Member_Offers member offers]
</center>

== 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
<center>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</center>
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
| style="width:30%; background:#BCA57A" | Track 2:
| style="width:30%; background:#99FF99" | Track 3:
|-
| style="width:10%; background:#7B8ABD" | 07:30-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Attendee/Speaker Registration & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, where we are.. where we are going
''[http://www.owasp.org/index.php/Contact OWASP Foundation]: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder, Paolo Perego, Kate Hartmann & Alison Shrader
''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)]
''[http://blog.shezaf.com Ofer Shezaf]''
| style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map] 
''[http://joesecurity.blogspot.com Joe White]''
| style="width:30%; background:#99FF99" align="left" |[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]
''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | Web Security Education using Open Source Tools
''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''
| style="width:30%; background:#BCA57A" align="left" | Http Bot Research
''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''
| style="width:30%; background:#99FF99" align="left" | MalSpam Research
'' [http://www.knujon.com/bios.html Garth Bruen]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
''LUNCH - Provided by event sponsors @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:30%; background:#BC857A" align="left" | Cross-Site Scripting Filter Evasion
''Alexios Fakos''
| style="width:30%; background:#BCA57A" align="left" | Framework-level Threat Analysis: Adding Science to the Art of Source-code review
''Nishchal Bhalla''
| style="width:30%; background:#99FF99" align="left" | Automated Web-based Malware Behavioral Analysis
''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Offensive Assessing Financial Applications
'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
| style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
''[http://www.thinkingstone.com/about/ivan-ristic.html Ivan Ristic]''
| style="width:30%; background:#99FF99" align="left" | How the City of New York Uses Layer8 and OWASP to Secure Web Applications
''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''

|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
''[http://ha.ckers.org/blog/about Robert "RSnake" Hansen], CEO SecTheory''
| style="width:30%; background:#BCA57A" align="left" | Reverse Engineering .NET
''[http://www.linkedin.com/in/adamboulton Adam Boulton]''
| style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs
[http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti] Moderator''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
''[http://www.expresscertifications.com/company/execmgt.aspx Mano Paul] CEO Express Certifications''
| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
''Gunter Ollmann''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
'' [http://www.aspectsecurity.com/management.htm Jeff Williams] & Jim Manico''
| style="width:30%; background:#BCA57A" align="left" | Shootout @ Blackbox Corral
''Larry Suto ''
| style="width:30%; background:#99FF99" align="left" | Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="left" | Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
'' [http://www.linkedin.com/in/arianevans Arian Evans]''
| style="width:30%; background:#BCA57A" align="left" |Shhhh Don’t Tell Anybody
''[http://www.linkedin.com/in/ppetkov Petko D. Petkov]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho W3AF Open Source App Scanner]
''Andres Riancho''
|-
| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
'' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
| style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
''Dr. B. V. Kumar & Mr. Abhay Bhargav''
|-
| style="width:10%; background:#7B8ABD" | 20:00-23:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP NYC AppSec 2008 VIP Party
''Location: TBD''
|-
! colspan="10" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
|-
| style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo

|-
| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="left" | State of the Union
''[http://www.aeispeakers.com/speakerbio.php?SpeakerID=1192 Prof. Howard A. Schmidt, CISSP, CISM (Hon.)] Current (ISC)² Security Strategist and Former White House Cyber Security Advisor''
| style="width:30%; background:#BCA57A" align="left" | Best Practices Guide: Web Application Firewalls
''Dr. Georg Hess''
| style="width:30%; background:#99FF99" align="left" | The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
''[http://www.linkedin.com/in/tommyryan Thomas Ryan]''

|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="left" | Good vs. Evil JavaScript
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman]''
| style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''
| style="width:30%; background:#99FF99" align="left" | OWASP Web Services Top Ten
''[http://1raindrop.typepad.com Gunnar Peterson]''
|-
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | OWASP Update
''Dinis Cruz/Jeff Williams + Surprise Guest''
| style="width:30%; background:#BCA57A" align="left" | Help Wanted 7 Things You Need to Know APPSEC/INFOSEC Employment
''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''
| style="width:30%; background:#99FF99" align="left" | APPSEC Analyst w/ Forrester Research
''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''
|-
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP (Comprehensive, Lightweight Application Security Process)]
''Pravir Chandra''
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''
| style="width:30%; background:#99FF99" align="left" | Secure Software Impact
''[http://ouncelabs.com/company/team.asp Jack Danahy]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Security in Agile Development
''[http://www.owasp.org/index.php/User:Wichers Dave Wichers]''
| style="width:30%; background:#BCA57A" align="left" | Security of Software-as-a-Service (SaaS)
''[http://www.linkedin.com/pub/6/372/45a James Landis]''
| style="width:30%; background:#99FF99" align="left" | [http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]
''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Status
''LUNCH - Provided @ TechExpo''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Security Research Report
''[http://www.linkedin.com/pub/5/742/233 Dinis Cruz]''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project Pantera Advances]
''[http://www.linkedin.com/pub/1/598/855 Simon Roses Femerling]''
| style="width:30%; background:#99FF99" align="left" | Lotus Notes Insecurity
''Jian Hui Wang''
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
''John Steven''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project Owasp Orizon]
''Paolo Perego''
| style="width:30%; background:#99FF99" align="left" | Building Usable Security
''Zed Abbadi''
|-
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Input_validation:_the_Good%2C_the_Bad_and_the_Ugly Input validation: the Good, the Bad and the Ugly]
''Johan Peeters''
| style="width:30%; background:#BCA57A" align="left" | Off-shoring Application Development? Security is Still Your Problem
''Rohyt Belani''
| style="width:30%; background:#99FF99" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
''Vadim Okun''
|-
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | Vulnerabilities in application interpreters and runtimes
''Erik Cabetas''
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
''Ayal Yogev & Adi Sharabani''
| style="width:30%; background:#99FF99" align="left" | Mastering PCI Section 6.6
''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''
|-
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Wizdom of Crowds / CTF Awards & Raffles'''
|-
| style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting
|}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>

== Technology Pavilion - September 24th and 25th ==

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th. 2 full days of exhibits by service providers and manufacturers from around the world.

Do you want to preview the event space [http://www.flickr.com/photos/21550725@N04/sets/72157604662279903/detail Click Here]

<hr>

== [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Jason Rouse, Sr. Consultant, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
|-
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
|-
| style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
# Java EE security overview,
# All coding examples and recommendations are specifically focused on Java and Java servers, and
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
|-
! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
|-
| style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T8. Writing Secure Code ASP.NET - 2-Days - $1350
|-
| style="background:#F2F2F2" | Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Conlultant, Alex Smolen. [http://www.foundstone.com/us/education-overview.asp https://www.owasp.org/images/2/26/Foundstone.jpg]
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotels in the area of the event]

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]

OWASP NYC AppSec 2008 Conference

2008-05-20T14:59:34Z

Mdontamsetti: /* OWASP NYC AppSec 2008 Conference Schedule – Sept 24th - Sept 25th */

<center>[[Image:NYC08_468x60_72_newdates.gif]]</center>

= OWASP NYC AppSec 2008 - September 22th-25th 2008 =
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
In association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 for 2 days of seminars, $675 for 1-day training classes and $1,350 for 2-day courses. [http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif] - do you want to preview the event space [http://www.flickr.com/photos/21550725@N04/sets/72157604662279903/detail Click Here]
<hr>
[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Diamond Sponsor] - [http://www.imperva.com https://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg] 
 
[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Platinum Sponsor] - [http://www.cenzic.com/ https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] 
 
[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Gold & Silver Sponsors] -[http://www.accessitgroup.com/products/inspectit.php https://www.owasp.org/images/6/6d/Accessit.JPG] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.ouncelabs.com/ https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg]
[http://www.proactiverisk.com https://www.owasp.org/images/9/97/Proactiverisk_logo.jpg]

 
<center>[https://www.owasp.org/images/9/98/NY_Sponsorship_Form.pdf Sponsorship Opportunities] -- [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration]</center>
<hr>

== OWASP NYC AppSec 2008 Conference Schedule – Sept 24th - Sept 25th ==
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
| style="width:30%; background:#BCA57A" | Track 2:
| style="width:30%; background:#7B8ABD" | Track 3:
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Registration Opens and Tech Expo'''
|-
| style="width:10%; background:#7B8ABD" | 09:15-10:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Introduction, OWASP Version 3.0 where we are.. where we are going
''OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers''
|-
| style="width:10%; background:#7B8ABD" | 10:30-11:30 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
''Robert "RSnake" Hansen CEO [http://www.sectheory.com SecTheory]''
| style="width:30%; background:#BCA57A" align="left" | Offensive Assessing Financial Apps
''Daniel Cuthbert''
| style="width:30%; background:#7B8ABD" align="left" | Web Intrusion Detection with ModSecurity
''Ivan Ristic''
|-
| style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:30%; background:#BC857A" align="left" | Reverse Engineering .NET
''Adam Boulton''
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz] 0.1 - 1.1: [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Building a Java Fuzzer for the Web]
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou] - Senior Director - [http://www.ouncelabs.com Ounce Labs] ''
| style="width:30%; background:#7B8ABD" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP LIVE CD]
''Joshua Perrymon - CEO [http://www.packetfocus.com Packetfocus]''
|-
| style="width:10%; background:#7B8ABD" | 12:30-13:30 || style="width:30%; background:#BC857A" align="left" | Multidisciplinary Bank Attacks
''Gunter Ollmann, Director Security Strategy, [http://www.iss.net IBM Internet Security Systems]''
| style="width:30%; background:#BCA57A" align="left" | OWASP CLASP
''Pravir Chandra''
| style="width:30%; background:#7B8ABD" align="left" | Shootout at the Blackbox Corral
''Dinis Cruz & Larry Suto''
|-
| style="width:10%; background:#7B8ABD" | 13:30-14:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
Moderator: Mahi Dontamsetti
|-
| style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af, a framework to own the web] -
[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho ''Andres Riancho''], [http://www.cybsec.com/ Cybsec]

| style="width:30%; background:#BCA57A" align="left" | [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What's_hot_for_2008 | Trends in Web Hacking: What's hot in 2008 Analysis of the Web Hacking Incidents Database (WHID)]]
''[http://blog.shezaf.com Ofer Shezaf], Breach''
| style="width:30%; background:#7B8ABD" align="left" | Security in Agile Development
''Dave Wichers, COO [http://www.aspectsecurity.com Aspect Security]''
|-
| style="width:10%; background:#7B8ABD" | 15:30-16:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/ESAPI OWASP Enterprise Security API (ESAPI) Project]
''Jeff Williams, CEO [http://www.aspectsecurity.com Aspect Security]''
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
''Arshan Dabirsiaghi, Director of Research [http://www.aspectsecurity.com Aspect Security]''
| style="width:30%; background:#7B8ABD" align="left" | "Threading the Needle:
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks."
''Arian Evans, Director of Operations [http://www.whitehatsec.com WhiteHat Security]''
|-
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || style="width:30%; background:#BC857A" align="left" | Shhhh Don’t Tell Anybody
''Petko D. Petkov, a.k.a. pdp''
| style="width:30%; background:#BCA57A" align="left" | Secure PHP
''Hans Zaunere, CEO [http://www.nyphp.com NYCPHP]''
| style="width:30%; background:#7B8ABD" align="left" | Payment Card Data Security and the new Enterprise Java
''Dr. B. V. Kumar & Mr. Abhay ''
|-
| style="width:10%; background:#7B8ABD" | 17:30-18:30 || style="width:30%; background:#BC857A" align="left" | Notes Security
''Jian Hui Wang''
| style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
''Taylor McKinley and Jacob West''
| style="width:30%; background:#7B8ABD" align="left" | AppSec Techniques
''JD Glaser, CEO [http://www.ntobjectives.com/company/management.php NTO Objectives]''
|-
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Web Application Capture the Flag - [http://isis.poly.edu/projects Polytechnic University]'''
|-
| style="width:10%; background:#7B8ABD" | 20:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | ''' Speaker/Attendee Reception'''
|-
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
|-
| style="width:10%; background:#7B8ABD" | 8:00-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Breakfast @ Tech-Expo
|-
| style="width:10%; background:#7B8ABD" | 0900-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''"We have all the tools, policies, frameworks, documents, community support available what works... what does not?" ' Industry Panel: <TBD>, <TBD>, <TBD>, <TBD>, <TBD> Moderator: Daniel Cuthbert''
|-
| style="width:10%; background:#7B8ABD" | 10:00-11:00 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
''John Steven''
| style="width:30%; background:#BCA57A" align="left" | [http://reversebenchmarking.com Open Reverse Benchmarking Project]
''Marce Luck & Tom Stracener''
| style="width:30%; background:#7B8ABD" align="left" | Building Usable Security
''Zed Abbadi''
|-
| style="width:10%; background:#7B8ABD" | 11:00-12:00 || style="width:30%; background:#BC857A" align="left" | Offshoring Application Development? Security is Still Your Problem
''Rohyt Belani''
| style="width:30%; background:#BCA57A" align="left" | OWASP Orizon Project
''Paolo Perego''
| style="width:30%; background:#7B8ABD" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
''Vadim Okun''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || style="width:30%; background:#BC857A" align="left" | AppSec Research
''Mano Paul''
| style="width:30%; background:#BCA57A" align="left" | Software Liability
''Jack Danahy''
| style="width:30%; background:#7B8ABD" align="left" | Cross-Site Scripting Filter Evasion
''Alexios Fakos''
|-
| style="width:10%; background:#7B8ABD" | 13:00-14:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''1 HR BREAK / TECH EXPO / LUNCH BREAK'''
|-
| style="width:10%; background:#7B8ABD" | 14:00-15:00 || style="width:30%; background:#BC857A" align="left" | Projects with OWASP
''Steve Malson''
| style="width:30%; background:#BCA57A" align="left" | OWASP Pantera Advances
''Simon Roses Femerling''
| style="width:30%; background:#7B8ABD" align="left" | Software-as-a-Service (SaaS)
''James Landis''
|-
| style="width:10%; background:#7B8ABD" | 15:00-16:00 || style="width:30%; background:#BC857A" align="left" | "Out of Band" Injection
''Vijay Akasapu & Marshall Heilman''
| style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
''Christian Heinrich''
| style="width:30%; background:#7B8ABD" align="left" | Caution, Java ahead
''Jeremiah Grossman CTO [http://www.whitehatsec.com WhiteHat Security]''
|-
| style="width:10%; background:#7B8ABD" | 16:00-17:00 || style="width:30%; background:#BC857A" align="left" | [[Input validation: the Good, the Bad and the Ugly]]
''[[Johan Peeters]]''
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
''Adi Sharabani''
| style="width:30%; background:#7B8ABD" align="left" | Learning the .Net Debugging API
''Kevin Spett''
|-
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:30%; background:#BC857A" align="left" | Secure System Development Life Cycle (SSDLC) Methodology for SOA
''Ken Huang''
| style="width:30%; background:#BCA57A" align="left" | Web Security Education using Open Source Tools
''Prof. Li-Chiou Chen & Chienitng Lin''
| style="width:30%; background:#7B8ABD" align="left" | Friend or Foe: Penetration Testing VS Source Code Analysis
''Tom Ryan''
|-
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Closing Remarks / CTF Awards / Raffles'''
|-
| style="width:10%; background:#7B8ABD" | 21:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Farewell dinner.. Go secure the world'''
|}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

== Technology Pavilion - September 24th and 25th ==

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th there will be 2 full days of exhibits by service providers and manufacturers from around the world.

<hr>

== [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Pravir Chandra, Project Lead OWASP [[:Category:OWASP_CLASP_Project | CLASP]] Project, Principal Consultant, [http://www.cigital.com https://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
|-
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
|-
| style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
# Java EE security overview,
# All coding examples and recommendations are specifically focused on Java and Java servers, and
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
|-
! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
|-
| style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T6. Application Security Forensics - 1-Day - Sep 23rd - $675
|-
| style="background:#F2F2F2" | Web application forensics and incident response, requires a solid understanding of web application, security issues – this 1 day class will provide you with a crashcourse on chain of custody and issues related to dealing with a breach
|-
! align="center" style="background:#4058A0; color:white" | T7. Encryption Programming Using SKSML - 2-Days - $1350
|-
| style="background:#F2F2F2" | Application developers are increasingly required to protect sensitive data through encryption. While there are many libraries that can assist with cryptography, there are few to none that focus on encryption key management.

This class will introduce you to an OASIS standards protocol - Symmetric Key Services Markup Language (SKSML) - and show you how it can be used to securely encrypt sensitive data and manage encryption keys across the enterprise. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Arshad Noor, CTO, StrongAuth Inc.''' [http://www.strongauth.com https://www.owasp.org/images/8/86/StrongAuth.jpg]
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotel's in the area of the event]

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

[https://www.owasp.org/images/9/98/NY_Sponsorship_Form.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]

OWASP NYC AppSec 2008 Conference

2008-04-09T00:25:58Z

Mdontamsetti: /* OWASP NYC AppSec 2008 Conference Schedule – Oct 7th - 8th */

<center>[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference https://www.owasp.org/images/8/88/NYC08_468x60_72.gif] </center>
<center> Feel free to post this banner to your website(s) to show your support to OWASP NYC 2008 </center>
 
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
= OWASP NYC AppSec 2008 - October 7th - 10th 2008 =
In association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University] your invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 for 2 days of seminars, $675 for 1-day training classes and $1,350 for 2-day courses. [http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]
<hr>
Diamond Sponsor - [http://www.imperva.com https://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg] 
Platinum Sponsors - 
Gold & Silver Sponsors -[http://www.accessitgroup.com/products/inspectit.php https://www.owasp.org/images/6/6d/Accessit.JPG] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]

 
[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Sponsorship Opportunities]
<hr>

== OWASP NYC AppSec 2008 Conference Schedule – Oct 7th - 8th ==
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Oct 7, 2008
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
| style="width:30%; background:#BCA57A" | Track 2:
| style="width:30%; background:#7B8ABD" | Track 3:
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Registration Opens and Tech Expo'''
|-
| style="width:10%; background:#7B8ABD" | 09:30-10:30 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | '''Industry Outlook - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy-EVP Citi, Jim Routh-CISO DTCC, Sunil Seshadri-CISO NYSE-Euronet, Warren Axelrod-SVP Bank of America, Joe Bernik-Royal Bank of Scotland
Moderator: Mahi Dontamsetti
|-
| style="width:10%; background:#7B8ABD" | 10:30-11:30 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
''Robert "RSnake" Hansen''
| style="width:30%; background:#BCA57A" align="left" | Offensive Assessing Financial Apps
''Daniel Cuthbert''
| style="width:30%; background:#7B8ABD" align="left" | Web Intrusion Detection with ModSecurity
''Ivan Ristic''
|-
| style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:30%; background:#BC857A" align="left" | Reverse Engineering .NET
''Adam Boulton''
| style="width:30%; background:#BCA57A" align="left" | JBroFuzz 0.1 - 1.1: The History of Building a Java Fuzzer for Web Applications
''Yiannis Pavlosoglou''
| style="width:30%; background:#7B8ABD" align="left" | OWASP LABRAT
''Joshua Perrymon''
|-
| style="width:10%; background:#7B8ABD" | 12:30-13:30 || style="width:30%; background:#BC857A" align="left" | Black Art White Hat
''Tom Brennan''
| style="width:30%; background:#BCA57A" align="left" | OWASP CLASP
''Pravir Chandra''
| style="width:30%; background:#7B8ABD" align="left" | Shootout at the Blackbox Corral
''Dinis Cruz & Larry Suto''
|-
| style="width:10%; background:#7B8ABD" | 13:30-14:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''1 HR BREAK / TECH EXPO / LUNCH BREAK'''
|-
| style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | W3AF Web Application Attack and Audit Framework
''Andres Riancho''
| style="width:30%; background:#BCA57A" align="left" | WASC Hacking Incidents
''Ofer Shezaf''
| style="width:30%; background:#7B8ABD" align="left" | OWASP CSRFTester Project
''Dave Wichers''
|-
| style="width:10%; background:#7B8ABD" | 15:30-16:30 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API (ESAPI) Project
''Jeff Williams''
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
''Arshan Dabirsiaghi''
| style="width:30%; background:#7B8ABD" align="left" | Application Security Forensics - Now What?
''FBI Cybercrimes''
|-
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || style="width:30%; background:#BC857A" align="left" | Shhhh Don’t Tell Anybody
''Petko D. Petkov, a.k.a. pdp''
| style="width:30%; background:#BCA57A" align="left" | Secure PHP
''Hans Zaunere''
| style="width:30%; background:#7B8ABD" align="left" | Payment Card Data Security and the new Enterprise Java
''Dr. B. V. Kumar & Mr. Abhay ''
|-
| style="width:10%; background:#7B8ABD" | 17:30-18:30 || style="width:30%; background:#BC857A" align="left" | Notes Security
''Jian Hui Wang''
| style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
''Taylor McKinley and Jacob West''
| style="width:30%; background:#7B8ABD" align="left" | AppSec Techniques
''JD Glaser''
|-
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Web Application Capture the Flag (All Night – Bring it!!)'''
|-
| style="width:10%; background:#7B8ABD" | 20:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Tuesday Night Reception at [http://websterhall.com/2007_websterhall/ NYC Famous Webster Hall]'''
|-
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 – Oct 8, 2008
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Keynote: OWASP Version 3.0 where we are.. where we are going – Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder, Dave Wichers'''
|-
| style="width:10%; background:#7B8ABD" | 09:15-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Industry Panel: ' Moderator''
|-
| style="width:10%; background:#7B8ABD" | 10:00-11:00 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
''John Steven''
| style="width:30%; background:#BCA57A" align="left" | Taking the Risk out of Web 2.0
''Tom Stracener''
| style="width:30%; background:#7B8ABD" align="left" | Building Usable Security
''Zed Abbadi''
|-
| style="width:10%; background:#7B8ABD" | 11:00-12:00 || style="width:30%; background:#BC857A" align="left" | Offshoring Application Development? Security is Still Your Problem
''Rohyt Belani''
| style="width:30%; background:#BCA57A" align="left" | OWASP Orizon Project
''Paolo Perego''
| style="width:30%; background:#7B8ABD" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
''Vadim Okun''
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || style="width:30%; background:#BC857A" align="left" | AppSec Research
''Mano Paul''
| style="width:30%; background:#BCA57A" align="left" | Software Liability
''Jack Danahy''
| style="width:30%; background:#7B8ABD" align="left" | Cross-Site Scripting Filter Evasion
''Alexios Fakos''
|-
| style="width:10%; background:#7B8ABD" | 13:00-14:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''1 HR BREAK / TECH EXPO / LUNCH BREAK'''
|-
| style="width:10%; background:#7B8ABD" | 14:00-15:00 || style="width:30%; background:#BC857A" align="left" | Projects with OWASP
''Steve Malson''
| style="width:30%; background:#BCA57A" align="left" | OWASP Pantera Advances
''Simon Roses Femerling''
| style="width:30%; background:#7B8ABD" align="left" | Software-as-a-Service (SaaS)
''James Landis''
|-
| style="width:10%; background:#7B8ABD" | 15:00-16:00 || style="width:30%; background:#BC857A" align="left" | "Out of Band" Injection
''Vijay Akasapu & Marshall Heilman''
| style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
''Christian Heinrich''
| style="width:30%; background:#7B8ABD" align="left" | Caution, Java ahead
''Jeremiah Grossman''
|-
| style="width:10%; background:#7B8ABD" | 16:00-17:00 || style="width:30%; background:#BC857A" align="left" | Input validation: the Good, the Bad and the Ugly
''Johan Peeters''
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
''Adi Sharabani''
| style="width:30%; background:#7B8ABD" align="left" | Learning the .Net Debugging API
''Kevin Spett''
|-
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:30%; background:#BC857A" align="left" | Secure System Development Life Cycle (SSDLC) Methodology for SOA
''Ken Huang''
| style="width:30%; background:#BCA57A" align="left" | Web Security Education using Open Source Tools
''Prof. Li-Chiou Chen & Chienitng Lin''
| style="width:30%; background:#7B8ABD" align="left" | Friend or Foe: Penetration Testing VS Source Code Analysis
''Tom Ryan''
|-
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Closing Remarks / CTF Awards / Raffles'''
|-
| style="width:10%; background:#7B8ABD" | 21:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Farewell dinner.. Go secure the world'''
|}

<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

== Technology Pavilion - October 7th - 8th ==

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On October 7th and 8th there will be 2 full days of exhibits by service providers and manufacturers from around the world.

<hr>

== [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - October 9th and 10th 2008] ==
{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Pravir Chandra, Project Lead OWASP [[:Category:OWASP_CLASP_Project | CLASP]] Project, Principal Consultant, [http://www.cigital.com https://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
|-
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
|-
| style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
# Java EE security overview,
# All coding examples and recommendations are specifically focused on Java and Java servers, and
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
|-
! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
|-
| style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Oct 9th - $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
|-
! align="center" style="background:#4058A0; color:white" | T6. Application Security Forensics - 1-Day - Oct 10th - $675
|-
| style="background:#F2F2F2" | Web application forensics and incident response, requires a solid understanding of web application, security issues – this 1 day class will provide you with a crashcourse on chain of custody and issues related to dealing with a breach
|-
! align="center" style="background:#4058A0; color:white" | T7. Encryption Programming Using SKSML - 2-Days - $1350
|-
| style="background:#F2F2F2" | Application developers are increasingly required to protect sensitive data through encryption. While there are many libraries that can assist with cryptography, there are few to none that focus on encryption key management.

This class will introduce you to an OASIS standards protocol - Symmetric Key Services Markup Language (SKSML) - and show you how it can be used to securely encrypt sensitive data and manage encryption keys across the enterprise. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]

Instructor: Arshad Noor, CTO, StrongAuth Inc.''' [http://www.strongauth.com https://www.owasp.org/images/8/86/StrongAuth.jpg]
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotel's in the area of the event]

<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]

OWASP NYC AppSec 2008 Conference

2008-03-04T13:36:51Z

Mdontamsetti:

Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
= OWASP NYC AppSec 2008 - October 7th - 10th 2008 =
<h3>In Association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AIT Global], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University]</h3>
(2) days of Seminars and Techexpo from the world's best technology minds, (2) days of hardcore hands-on training [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located at downtown, NYC at One Pace Plaza New York, NY 10038. 

OWASP is a 501(3)c [http://www.irs.gov/charities/charitable/article/0,,id=96099,00.html NON-PROFIT] your business can send you and DONATE to this event and get a TAX CREDIT!!

Fees for this event will be: 2-Day Seminar Fee $350.00, -$50.00 for [http://www.owasp.org/index.php/Membership#Categories_of_Membership OWASP Individual/Corporate Member] - 2-Day Training Fee $1350 / 1-Day Training Classes $675 and this allows us to fund our [http://www.owasp.org/index.php/Funds_available_for_OWASP_Projects Grant Program]. For sponsorship oppertunities [https://www.owasp.org/images/f/f3/OWASP2008-Sponsorship.pdf CLICK HERE] for full details.
 
 
<center>Registration will open on April 1st - no really ;)</center>
<center>[[CFPFAQ | Click here for more info: CFP/SPEAKERS, TRAINERS]]
 
<hr>
<h1>Tuesday - October 7th</h1> - *NOTE - Speaker times/dates WILL change once we have a full agenda
<table border=1 width=800>
<tr> <th width=50> Time </th> <th width=250> Code it! </th> <th width=250> Break it!</th> <th width=250> Secure it!</th></tr>
<tr><th>0800</th><th colspan=3>Registration Opens & TechExpo </th></tr>
<tr><th>0930</th><th colspan=3> Industry Outlook - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy-EVP Citi, Jim Routh-CISO DTCC, Sunil Seshadri-CISO NYSE-Euronet (unconfirmed), Warren Axelrod-SVP Bank of America Moderator - Mahi Dontamsetti</th></tr>

<tr><th>1030</th><td>Logic Attacks and Inefficiencies of Robotic
Detection Robert "RSnake" Hansen</td>
<td>Offensive Assessing Financial Apps Daniel Cuthbert</td>
<td>Web Intrusion Detection with ModSecurity
 Ivan Ristic</td></tr>

<tr><th>1130</th><td>Reverse Engineering .NET Adam Boulton</td>
<td>JBroFuzz + Crypto not that hard.. Yiannis Pavlosoglou </td>
<td>Open Reverse Benchmarking Tom Stracener</td></tr>

<tr><th>1230</th><td>Black Art White Hat Tom Brennan</td>
<td>OWASP CLASP Pravir Chandra</td>
<td>.NET Ninja or Pirate? Dinis Cruz</td></tr>

<tr><th>1330</th><th colspan=3>TECH-EXPO LUNCH </th></tr>

<tr><th>1430</th><td>W3AF Web Application Attack and Audit Framework. Andres Riancho</td>
<td>WASC Hacking Incidents Jeremiah Grossman</td>
<td>OWASP CSRFTester Project Dave Wichers</td></tr>

<tr><th>1530</th><td>OWASP Enterprise Security API (ESAPI) Project Jeff Williams</td>
<td>Cross Site Scripting - Worms Arshan Dabirsiaghi</td>
<td>Application Security Forensics - Now What FBI Cybercrimes</td></tr>

<tr><th>1630</th><td>Shhhh don't tell anybody Petko D. Petkov, a.k.a pdp</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKER</td></tr>

<tr><th>1730</th><td>TOPIC SPEAKERS</td>
<td>Full Disclosure vs Non-disclosure vs Responsible Disclosure Panel</td>
<td>AppSec Techniques JD Glaser</td></tr>
<tr><th>1830</th><th colspan=3>Web Application Capture the Flag (All night - Bring It!)</th></tr>
<tr><th>2100</th><th colspan=3>Tuesday Night Reception @ [http://www.websterhall.com/2007_websterhall NYC Famous Webster Hall] </th></tr>
</table>
 

<h1>Wednesday - October 8th</h1> - Check Back Soon
<table border=1 width=800>
<tr> <th width=50> Time </th> <th width=250> Code it! </th> <th width=250> Break it!</th> <th width=250> Secure it!</th></tr>
<tr><th>0800</th><th colspan=3>Web Application Capture the Flag Results</th></tr>
<tr><th>0930</th><th colspan=3> Keynote: OWASP Foundation Board - "This thing, we have" </th></tr>

<tr><th>1000</th><td>TOPIC SPEAKERS</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKERS</td></tr>

<tr><th>1100</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1200</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1300</th><th colspan=3>TECH-EXPO LUNCH</th></tr>

<tr><th>1400</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1500</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1600</th><td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKER</td></tr>

<tr><th>1700</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC Tom Brennan</td></tr>
<tr><th>1830</th><th colspan=3> TBD </th></tr>
<tr><th>2100</th><th colspan=3> Closing Remarks / Awards / Raffles </th></tr>
</table>

<hr>

== Technology Expo - October 7th - 8th ==

Want to see the latest offerings from best of breed technology firms? For 2 days, Product/Service vendors worldwide will demonstrate their ability to conference attendees.

[https://www.owasp.org/images/f/f3/OWASP2008-Sponsorship.pdf To be a OWASP 501(3)c NON-PROFIT SPONSOR CLICK HERE for details]
 
 
<hr>

== [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP AppSec 2008 Training Courses - October 9th and 10th 2008] ==

TRAINING WITH OWASP IS A DONATION TO A 501(3)c NON-PROFIT</CENTER>

{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]

Lecturer: Pravir Chandra, Project Lead OWASP [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP] Project, Principal Consultant, Cigital
'''

|-
! align="center" style="background:#4058A0; color:white" | T2. Advanced Web Application Security Testing - 1-Day - $675
|-
| style="background:#F2F2F2" | Syllabus Forthcoming

Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]

Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T4. Leading the Development of Secure Applications 1-Day - Oct 9th - $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]
Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Application Security Forensics - 1-Day - Oct 10th - $675
|-
| style="background:#F2F2F2" | How would you respond to a application security hack? This course will provide insight into the world or forensics with a focus on Web Application Security

Lecturer: TBD'''
|}

[[CFPFAQ | Click here for more info: CFP/SPEAKERS]]

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotel's in the area of the event]

OWASP NYC AppSec 2008 Conference

2008-03-04T13:30:38Z

Mdontamsetti: /* Technology Expo - October 7th - 8th */

Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
= OWASP NYC AppSec 2008 - October 7th - 10th 2008 =
<h3>In Association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AIT Global], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University]</h3>
(2) days of Seminars and Techexpo from the world's best technology minds, (2) days of hardcore hands-on training [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located at downtown, NYC at One Pace Plaza New York, NY 10038. 

OWASP is a 501(3)c [http://www.irs.gov/charities/charitable/article/0,,id=96099,00.html NON-PROFIT] your business can send you and DONATE to this event and get a TAX CREDIT!!

Fees for this event will be: 2-Day Seminar Fee $350.00, -$50.00 for [http://www.owasp.org/index.php/Membership#Categories_of_Membership OWASP Individual/Corporate Member] - 2-Day Training Fee $1350 / 1-Day Training Classes $675 and this allows us to fund our [http://www.owasp.org/index.php/Funds_available_for_OWASP_Projects Grant Program]. For sponsorship oppertunities [https://www.owasp.org/images/f/f3/OWASP2008-Sponsorship.pdf CLICK HERE] for full details.
 
 
<center>Registration will open on April 1st - no really ;)</center>
<center>[[CFPFAQ | Click here for more info: CFP/SPEAKERS, TRAINERS]]
 
<hr>
<h1>Tuesday - October 7th</h1> - *NOTE - Speaker times/dates WILL change once we have a full agenda
<table border=1 width=800>
<tr> <th width=50> Time </th> <th width=250> Code it! </th> <th width=250> Break it!</th> <th width=250> Secure it!</th></tr>
<tr><th>0800</th><th colspan=3>Registration Opens & TechExpo </th></tr>
<tr><th>0930</th><th colspan=3> Industry Outlook - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy-EVP Citi, Jim Routh-CISO DTCC, Sunil Seshadri-CISO NYSE-Euronet (unconfirmed), Warren Axelrod-SVP Bank of America</th></tr>

<tr><th>1030</th><td>Logic Attacks and Inefficiencies of Robotic
Detection Robert "RSnake" Hansen</td>
<td>Offensive Assessing Financial Apps Daniel Cuthbert</td>
<td>Web Intrusion Detection with ModSecurity
 Ivan Ristic</td></tr>

<tr><th>1130</th><td>Reverse Engineering .NET Adam Boulton</td>
<td>JBroFuzz + Crypto not that hard.. Yiannis Pavlosoglou </td>
<td>Open Reverse Benchmarking Tom Stracener</td></tr>

<tr><th>1230</th><td>Black Art White Hat Tom Brennan</td>
<td>OWASP CLASP Pravir Chandra</td>
<td>.NET Ninja or Pirate? Dinis Cruz</td></tr>

<tr><th>1330</th><th colspan=3>TECH-EXPO LUNCH </th></tr>

<tr><th>1430</th><td>W3AF Web Application Attack and Audit Framework. Andres Riancho</td>
<td>WASC Hacking Incidents Jeremiah Grossman</td>
<td>OWASP CSRFTester Project Dave Wichers</td></tr>

<tr><th>1530</th><td>OWASP Enterprise Security API (ESAPI) Project Jeff Williams</td>
<td>Cross Site Scripting - Worms Arshan Dabirsiaghi</td>
<td>Application Security Forensics - Now What FBI Cybercrimes</td></tr>

<tr><th>1630</th><td>Shhhh don't tell anybody Petko D. Petkov, a.k.a pdp</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKER</td></tr>

<tr><th>1730</th><td>TOPIC SPEAKERS</td>
<td>Full Disclosure vs Non-disclosure vs Responsible Disclosure Panel</td>
<td>AppSec Techniques JD Glaser</td></tr>
<tr><th>1830</th><th colspan=3>Web Application Capture the Flag (All night - Bring It!)</th></tr>
<tr><th>2100</th><th colspan=3>Tuesday Night Reception @ [http://www.websterhall.com/2007_websterhall NYC Famous Webster Hall] </th></tr>
</table>
 

<h1>Wednesday - October 8th</h1> - Check Back Soon
<table border=1 width=800>
<tr> <th width=50> Time </th> <th width=250> Code it! </th> <th width=250> Break it!</th> <th width=250> Secure it!</th></tr>
<tr><th>0800</th><th colspan=3>Web Application Capture the Flag Results</th></tr>
<tr><th>0930</th><th colspan=3> Keynote: OWASP Foundation Board - "This thing, we have" </th></tr>

<tr><th>1000</th><td>TOPIC SPEAKERS</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKERS</td></tr>

<tr><th>1100</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1200</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1300</th><th colspan=3>TECH-EXPO LUNCH</th></tr>

<tr><th>1400</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1500</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1600</th><td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKER</td></tr>

<tr><th>1700</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC Tom Brennan</td></tr>
<tr><th>1830</th><th colspan=3> TBD </th></tr>
<tr><th>2100</th><th colspan=3> Closing Remarks / Awards / Raffles </th></tr>
</table>

<hr>

== Technology Expo - October 7th - 8th ==

Want to see the latest offerings from best of breed technology firms? For 2 days, Product/Service vendors worldwide will demonstrate their ability to conference attendees.

[https://www.owasp.org/images/f/f3/OWASP2008-Sponsorship.pdf To be a OWASP 501(3)c NON-PROFIT SPONSOR CLICK HERE for details]
 
 
<hr>

== [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP AppSec 2008 Training Courses - October 9th and 10th 2008] ==

TRAINING WITH OWASP IS A DONATION TO A 501(3)c NON-PROFIT</CENTER>

{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]

Lecturer: Pravir Chandra, Project Lead OWASP [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP] Project, Principal Consultant, Cigital
'''

|-
! align="center" style="background:#4058A0; color:white" | T2. Advanced Web Application Security Testing - 1-Day - $675
|-
| style="background:#F2F2F2" | Syllabus Forthcoming

Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]

Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T4. Leading the Development of Secure Applications 1-Day - Oct 9th - $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]
Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Application Security Forensics - 1-Day - Oct 10th - $675
|-
| style="background:#F2F2F2" | How would you respond to a application security hack? This course will provide insight into the world or forensics with a focus on Web Application Security

Lecturer: TBD'''
|}

[[CFPFAQ | Click here for more info: CFP/SPEAKERS]]

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotel's in the area of the event]

OWASP NYC AppSec 2008 Conference

2008-03-04T13:29:50Z

Mdontamsetti:

Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
= OWASP NYC AppSec 2008 - October 7th - 10th 2008 =
<h3>In Association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AIT Global], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University]</h3>
(2) days of Seminars and Techexpo from the world's best technology minds, (2) days of hardcore hands-on training [http://www.pace.edu/page.cfm?doc_id=16157 Pace University], located at downtown, NYC at One Pace Plaza New York, NY 10038. 

OWASP is a 501(3)c [http://www.irs.gov/charities/charitable/article/0,,id=96099,00.html NON-PROFIT] your business can send you and DONATE to this event and get a TAX CREDIT!!

Fees for this event will be: 2-Day Seminar Fee $350.00, -$50.00 for [http://www.owasp.org/index.php/Membership#Categories_of_Membership OWASP Individual/Corporate Member] - 2-Day Training Fee $1350 / 1-Day Training Classes $675 and this allows us to fund our [http://www.owasp.org/index.php/Funds_available_for_OWASP_Projects Grant Program]. For sponsorship oppertunities [https://www.owasp.org/images/f/f3/OWASP2008-Sponsorship.pdf CLICK HERE] for full details.
 
 
<center>Registration will open on April 1st - no really ;)</center>
<center>[[CFPFAQ | Click here for more info: CFP/SPEAKERS, TRAINERS]]
 
<hr>
<h1>Tuesday - October 7th</h1> - *NOTE - Speaker times/dates WILL change once we have a full agenda
<table border=1 width=800>
<tr> <th width=50> Time </th> <th width=250> Code it! </th> <th width=250> Break it!</th> <th width=250> Secure it!</th></tr>
<tr><th>0800</th><th colspan=3>Registration Opens & TechExpo </th></tr>
<tr><th>0930</th><th colspan=3> Industry Outlook - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy-EVP Citi, Jim Routh-CISO DTCC, Sunil Seshadri-CISO NYSE-Euronet (unconfirmed), Warren Axelrod-SVP Bank of America</th></tr>

<tr><th>1030</th><td>Logic Attacks and Inefficiencies of Robotic
Detection Robert "RSnake" Hansen</td>
<td>Offensive Assessing Financial Apps Daniel Cuthbert</td>
<td>Web Intrusion Detection with ModSecurity
 Ivan Ristic</td></tr>

<tr><th>1130</th><td>Reverse Engineering .NET Adam Boulton</td>
<td>JBroFuzz + Crypto not that hard.. Yiannis Pavlosoglou </td>
<td>Open Reverse Benchmarking Tom Stracener</td></tr>

<tr><th>1230</th><td>Black Art White Hat Tom Brennan</td>
<td>OWASP CLASP Pravir Chandra</td>
<td>.NET Ninja or Pirate? Dinis Cruz</td></tr>

<tr><th>1330</th><th colspan=3>TECH-EXPO LUNCH </th></tr>

<tr><th>1430</th><td>W3AF Web Application Attack and Audit Framework. Andres Riancho</td>
<td>WASC Hacking Incidents Jeremiah Grossman</td>
<td>OWASP CSRFTester Project Dave Wichers</td></tr>

<tr><th>1530</th><td>OWASP Enterprise Security API (ESAPI) Project Jeff Williams</td>
<td>Cross Site Scripting - Worms Arshan Dabirsiaghi</td>
<td>Application Security Forensics - Now What FBI Cybercrimes</td></tr>

<tr><th>1630</th><td>Shhhh don't tell anybody Petko D. Petkov, a.k.a pdp</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKER</td></tr>

<tr><th>1730</th><td>TOPIC SPEAKERS</td>
<td>Full Disclosure vs Non-disclosure vs Responsible Disclosure Panel</td>
<td>AppSec Techniques JD Glaser</td></tr>
<tr><th>1830</th><th colspan=3>Web Application Capture the Flag (All night - Bring It!)</th></tr>
<tr><th>2100</th><th colspan=3>Tuesday Night Reception @ [http://www.websterhall.com/2007_websterhall NYC Famous Webster Hall] </th></tr>
</table>
 

<h1>Wednesday - October 8th</h1> - Check Back Soon
<table border=1 width=950>
<tr> <th width=50> Time </th> <th width=300> Code it! </th> <th width=300> Break it!</th> <th width=300> Secure it!</th></tr>
<tr><th>0800</th><th colspan=3>Web Application Capture the Flag Results</th></tr>
<tr><th>0930</th><th colspan=3> Keynote: OWASP Foundation Board - "This thing, we have" </th></tr>

<tr><th>1000</th><td>TOPIC SPEAKERS</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKERS</td></tr>

<tr><th>1100</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1200</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1300</th><th colspan=3>TECH-EXPO LUNCH</th></tr>

<tr><th>1400</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1500</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td></tr>

<tr><th>1600</th><td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKERS</td>
<td>TOPICS SPEAKER</td></tr>

<tr><th>1700</th><td>TOPIC SPEAKERS</td>
<td>TOPIC SPEAKERS</td>
<td>TOPIC Tom Brennan</td></tr>
<tr><th>1830</th><th colspan=3> TBD </th></tr>
<tr><th>2100</th><th colspan=3> Closing Remarks / Awards / Raffles </th></tr>
</table>

<hr>

== Technology Expo - October 7th - 8th ==

Want to see the latest offerings from best of breed technology firms? For 2 days, Product/Service vendors worldwide will demonstrate their ability to conference attendees.

[https://www.owasp.org/images/f/f3/OWASP2008-Sponsorship.pdf To be a OWASP 501(3)c NON-PROFIT SPONSOR CLICK HERE for details]
 
 
<hr>

== [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP AppSec 2008 Training Courses - October 9th and 10th 2008] ==

TRAINING WITH OWASP IS A DONATION TO A 501(3)c NON-PROFIT</CENTER>

{| style="width:80%" border="0" align="center"
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
|-
| style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]

Lecturer: Pravir Chandra, Project Lead OWASP [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP] Project, Principal Consultant, Cigital
'''

|-
! align="center" style="background:#4058A0; color:white" | T2. Advanced Web Application Security Testing - 1-Day - $675
|-
| style="background:#F2F2F2" | Syllabus Forthcoming

Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
|-
| style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]

Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T4. Leading the Development of Secure Applications 1-Day - Oct 9th - $675
|-
| style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training Learn More Here]
Lecturer: TBD'''
|-
! align="center" style="background:#4058A0; color:white" | T5. Application Security Forensics - 1-Day - Oct 10th - $675
|-
| style="background:#F2F2F2" | How would you respond to a application security hack? This course will provide insight into the world or forensics with a focus on Web Application Security

Lecturer: TBD'''
|}

[[CFPFAQ | Click here for more info: CFP/SPEAKERS]]

<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotel's in the area of the event]

New Jersey

2007-10-10T13:28:29Z

Mdontamsetti: /* OCTOBER 25th 2007 MEETING */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==OCTOBER 25th 2007 MEETING==
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event however YOU MUST RSVP if you are not on the RSVP list or have Photo ID, Verizon Security will NOT PERMIT YOU IN THE BUILDING.

===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
COSPONSORS: [http://www.mcafee.com McAfee] --- [http://intrepidusgroup.com Intrepidus Group] --- [http://www.accessitgroup.com/services/security.php AccessIT Group] --- [http://www.symantec.com Symantec] --- [http://www.mandiant.com Mandiant] --- [http://www.whitehatsec.com WhiteHat] --- [http://www.cenzic.com Cenzic] --- [http://www.net2s-us.com Net2S] --- [http://www.fortifysoftware.com Fortify] 

Meeting Address: 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]
October 25th 8:30am-5:00pm 

--

8:30am - 9:00am - Security Check-In / Breakfast / TechExpo / Peer-to-Peer Networking ;)

---

9:00am - 09:30am - What is OWASP? Speakers: Board Members OWASP NYC Metro

---

09:30am - 10:00am - Keynote Speaker: Phil Varughese, Verizon Wireless 

Philip, Manager of Network Security Risk Management with Verizon Wireless has a leadership role in shaping particular facets of the Network Department Information Security program. Co developed and implemented an operational and effective Risk Management Program and integrated security engineering into the development lifecycle for projects and products. He is responsible for the strategic direction of risk management, vulnerability management and all tactical security issues.

Philip is a subject matter expert in Information Security and technical risk management. During his career, he has worked with several Fortune 500 firms. He has worked in the telecommunication, transportation, pharmaceutical, financial and consulting sector. He also holds many industry certifications like, CISSP, CISM, CISA, GSEC and SCCP

---

10:30am - 11:30am - TOPIC: Ready...Set...Click We can no longer think about consumer interaction and security as two different topics on opposite ends of the spectrum. They're two very important and very inter-related topics that affect everyone. The speech will describe real world flaws, poorly designed security and what hackers are doing to exploit today's websites. Lastly, it will show some forward thinking mitigation tactics.

SPEAKER: Robert "RSnake" Hansen
Robert has worked in the security industry since the mid 1990s and helped pioneer leading banner advertising and click fraud detection solutions. During his tenure at eBay, Mr. Hansen worked on anti-cross site scripting, anti-phishing, anti-virus and web application intrusion detection and countermeasures and was directly responsible for the company's entire authentication architecture. For many years he ran the managed security services product lines for Cable & Wireless. He has spoken at Blackhat, Microsoft's Bluehat, the Rotary, OWASP, the Gartner security round table and at Networld+Interop. He is a member of WASC, OWASP, ISC2, APWG and ISSA.

---

11:45 - 12:15pm - TOPIC: Dig Your Own Hole: 12 Ways to Go Wrong with Java Security This session explores 12 of the most common security traps in Java. This session doesn’t include a review of 10–year–old guidelines for writing secure applets with JDK 1.1. Instead, it looks at causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, it looks at vulnerabilities from a developer’s perspective, focusing on the source code.

SPEAKER: Eric Cabetas

---

12:15pm - 1:00pm LUNCH / Peer-to-Peer Networking / RAFFLES

---

1:00pm - 1:30pm TOPIC: Network Based Infection Detection No system is 100% secure and security often fails. As a result roughly 10% of hosts within an enterprise get infected every year. Infections are caused by vulnerabilities in applications, policy violations by insiders
and misconfigured services. Worms and viruses are not the only form of infections. Botnets, Proxies, Trojans, Keyloggers, Adware, Rootkits can be far more damaging. Even applications like Google Desktop, Skype and Foldershare can leak business secrets and hence be viewed as infections.
Infected hosts within a network pose a serious risk to business assets. Detecting infections and cleaning up after them costs an organization a big part of its IT budget as detection, containment and eradication procedures are mostly manual and labor intensive.

In this talk we describe a network based infection detection system developed at Polytechnic University. The system collects and synopsizes network traffic with strategically placed infection sensors in the network. It then analyzes network traffic for symptoms of infections to identify infected hosts. Once an infection is found and characterized, it retroactively detects similar infections which could have occurred weeks and months in the past but have not been detected yet. Finally, it provides solutions for cleanup including containment and eradication in a simple, efficient and economical manner.

SPEAKER: Professor Nasir Memon Department of Computer and Information Science of Polytechnic Univ. His research interests include Data Compression, Computer and Network Security, Multimedia
Communication and Digital Forensics. He has published more than 200 articles in journals and conference proceedings on these topics. He was an associate editor for IEEE Transactions on Image
Processing, the Journal of Electronic Imaging, and the ACM Multimedia Systems Journal. He is currently an associate editor for the IEEE Transactions on Information Security and Forensics,
the LNCS Transaction on Data Hiding, IEEE Security and Privacy Magazine, IEEE Signal Processing Magazine and the International Journal on Network Security.

---

1:45pm - 2:15pm TOPIC: Mobile Phone Security: Past, Present, and Future

SPEAKER: Corey Benninger

---

2:30pm - 3:00 TOPIC: VOIP - Can you hear me now? The presentation will disclose new attacks and weaknesses associated with protocols that are used to establish and protect VoIP communications. In addition, a newer "unpublished" version of the SIVuS tool will be demoed.

SPEAKER: Peter Thermos 

Peter Thermos has over a decade of experience in consulting and research in several areas of Information Security and Assurance and has held senior technical and management positions with telecommunications companies in research and consulting.

Peter has been the lead technical expert on various tasks (for commercial and government organizations) associated with information security and assurance including security risk assessments, standards and requirements development, ISO 17799 assessments, network security architecture and organizational security strategy. He is the author of SIVuS (The 1st VoIP vulnerability Scanner) and has published articles and refereed research papers on VoIP Security. Peter holds a Masters degree in Computer Science from Columbia University, NY and he is an active member of IETF/IEEE/ACM.

---

3:15 - 3:45pm TOPIC: Cutting Edge Application Analysis This presentation will focus on black box and white box methods of testing web applications. We will do a deep dive into source code analysis techniques that could be used in different testing scenarios to identify security weak points.

SPEAKER: Frank Gardner extensive experience in UNIX kernel development, exploit code design, protocol analysis, web application security, and cryptography

Previous projects have included the development of B1 Trusted Operating Systems extensions for Linux 2.2 and 2.4 kernels, Protected Mode OS (IA32) development, ARP promiscuous node detection, and Protocol Fuzzing tools

---

4:00 - 4:30pm TOPIC: Web Application Threats This talk will demostrate application security falws (hehe) commonly found in web applications and the reasons for them. SQL Injection, Cross Site Scripting and more as outlined in the [http://www.owasp.org/index.php/Top_10_2007 OWASP-Top 10]

SPEAKER: Dennis Hurst

---

4:45 - 5:15pm TOPIC: BS7799/ISO17799/ISO27001 What is it?... Why do you care?... Why is it failing? Brief overview of ISO27001 will be provided, along with a presentation on its key features and purpose. Real world examples of how ISO27001 audits are conducted and approaches used by auditors will be discussed. Finally the real impact of ISO27001 and how it can be improved will be presented

SPEAKER: Mahi Dontamsetti

Mahi has extensive experience in security, software development, risk management and telecommunications. He has worked on projects involving the Pentagon and Dept. of Homeland Security. A former Chief Technologist at Lockheed, he has authored couple of books on telecommunications. He was part of a team that developed the world's first combined cellular switch and radio controller.
Most recently he has been involved in making information security more measurable and has brought a metrics based Information Security Management System (ISMS) standard to the market.

<CENTER> [http://fs7.formsite.com/OWASP/form185709121/index.html RSVP NOW] </CENTER>

<hr>

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:pperfetti(at)nba.com Pete Perfetti]
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Treasurer: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
Board of Directors
*Board Member: [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
*Board Member: [mailto:pstern100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:dougshin(at)gmail.com Douglas Shin]
Educational Advisors
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]
</ul>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006 
973-202-0122
 
 
[https://fs7.formsite.com/OWASP/form945832292/secure_index.html ONLINE PAYMENT OWASP NYC]
 
 
 
 
 
 
 
 
 
 
 
[http://www.proactiverisk.com ~]

New Jersey

2007-09-05T18:24:07Z

Mdontamsetti: /* PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS] */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==SEPTEMBER 6th MEETING==
OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on September 6th 5:30pm-9:00pm 

===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
Special thanks to OWASP Board Member: Doug Shin of the AMEX
Meeting Address: 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]

Event coSponsors: [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE] ~~ [http://www.cenzic.com CENZIC]

---

TOPIC: Global Security Week Working Group - [http://www.globalsecurityweek.com/html/global_initiatives.html GSW]
What is the current state of Privacy on Web Application Security?
What should we be focusing on?

Panel Leader: Tom Brennan [http://www.owasp.org OWASP NY/NJ Metro President]

---

TOPIC: Why today's vulnerability assessments are failing and a case for industry standardization

As organizations mature their information security capabilities they start to extend their requirements to their partners and providers. Providing for the identification and management of information security issues are becoming part of contractual language. Vulnerability Assessment / ethical reports today are used today as one measurable data point to build a confidence in the status of other parties’ web applications and is generally an accepted set in due diligence. The challenge today is these Vulnerability Assessments are inconsistent in scope & rigor, and reported in a form that makes them incomparable between institutions. It is frequently impossible to understand what test design was used (black box/white box), what set of conditions were tested (OWASP top ten only, CVE, items found by common scanning tools, manually exercised conditions, etc) and how issues were rated for severity (CVSS, vendor provided, customer provided, etc). A similar problem existed with information security assessments of operational and physical security at outsourced service providers used by financial institutions and was address by developing an “agreed upon procedures” approach to outline common things needed by institutions so that assessments could be done once by a neutral party and then reused. This presentation, while not offering the complete answer for application security testing, will attempt to outline the components needed for such a solution.

SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]

---

TOPIC: Hackers...BotNets oh My!
FBI Cybercrimes task force to discuss global status of BotNets.

SPEAKER BIO: Chris Stangel [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]

---

TOPIC: OWASP Project JBroFuzz: Fuzzing for Network and Web Applications 

JBroFuzz is a OWASP stateless network protocol fuzzer that emerged from the
needs of penetration testing. This presentation will aim to illustrate
efficient ways of fuzzing in order to minimize the amount of time spent in
discovering application and network protocol vulnerabilities.

SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
[http://www.irmplc.com Information Risk Management]

---

TOPIC: Stock fluctuation from an unrecognized influence. 

SPEAKER: Justine Bone - Aitel - [http://www.immunityinc.com Immunity Security]

---

<center> Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>

<hr>

==OCTOBER 25th MEETING==
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event. October 25th 9:30am-4:30pm 

===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
Special thanks to: Philip Varughese
Meeting Address: 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]

Event coSponsors: [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC]
~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES] ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP] ~~ [http://www.mandiant.com MANDIANT]
---

TOPIC: Keynote

SPEAKER: Renato Delatorre, Verizon Wireless

---

TOPIC: Social Engineering

SPEAKER: Kevin Mitnick

---

TOPIC: ISO 27001 What is it... Why do you care?

SPEAKER BIO: Mahi Dontamsetti

--

TOPIC: VOIP - Can you hear me now?

SPEAKER BIO: Paul Rohmeyer, Michael McCobb

--

TOPIC: Internet Fraud - War Stories

SPEAKER BIO: Mike Esposito

---

TOPIC: Dig Your Own Hole: 12 Ways to Go Wrong with Java Security

SPEAKER BIO: Richard Bowen

--

TOPIC: Mobile Security 

SPEAKER: Philip Varughese, Corey Benninger

--

<center> Meetings are FREE and open to the PUBLIC - </center>

<hr>

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:pperfetti(at)nba.com Pete Perfetti]
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Treasurer: [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
*Board Member: [mailto:pstern100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:dougshin(at)gmail.com Douglas Shin]
Educational Advisors
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]
</ul>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006 
973-202-0122
 
 
 
 
 
 
 
 
 
 
 
 
[http://www.proactiverisk.com ~]

New Jersey

2007-08-31T12:40:59Z

Mdontamsetti: /* PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS] */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==SEPTEMBER 6th MEETING==
OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on September 6th 5:30pm-9:00pm 

===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
Special thanks to: Doug Shin
Meeting Address: 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]

Event coSponsors: [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE]

---

TOPIC: Financial Real-Time Threats: Impacting Trading Floor Operations 

This presentation will aim to illustrate how individual application or
network layer threats, if combined correctly, can impact the workload
between the “pit” and departments such as settlements, processing and
accounting. Stemming from the lowest level of internal threat, systems on,
or behind, trading floor operations can be manipulated in ways that might
even go unnoticed. Such impact is possible due to the shear complexity of
the enterprise applications used, as well as the ways in which they are
inter-related.

TOPIC: JBroFuzz: Effective Fuzzing for Network and Web Applications 

JBroFuzz is a stateless network protocol fuzzer that emerged from the
needs of penetration testing. This presentation will aim to illustrate
efficient ways of fuzzing in order to minimize the amount of time spent in
discovering application and network protocol vulnerabilities.

SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
[http://www.irmplc.com Information Risk Management]

---

TOPIC: Stock fluctuation from an unrecognized influence. 

SPEAKER: Justine Bone-Aitel - [http://www.immunityinc.com Immunity Security]

---

TOPIC: Hackers...BotNets oh My! Obtain a briefing on the current BotNet investigations etc.

SPEAKER BIO: [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]

---

TOPIC: Why today's vulnerability assessments are failing and a case for industry standardization

As organizations mature their information security capabilities they start to extend their requirements to their partners and providers. Providing for the identification and management of information security issues are becoming part of contractual language. Vulnerability Assessment / ethical reports today are used today as one measurable data point to build a confidence in the status of other parties’ web applications and is generally an accepted set in due diligence. The challenge today is these Vulnerability Assessments are inconsistent in scope & rigor, and reported in a form that makes them incomparable between institutions. It is frequently impossible to understand what test design was used (black box/white box), what set of conditions were tested (OWASP top ten only, CVE, items found by common scanning tools, manually exercised conditions, etc) and how issues were rated for severity (CVSS, vendor provided, customer provided, etc). A similar problem existed with information security assessments of operational and physical security at outsourced service providers used by financial institutions and was address by developing an “agreed upon procedures” approach to outline common things needed by institutions so that assessments could be done once by a neutral party and then reused. This presentation, while not offering the complete answer for application security testing, will attempt to outline the components needed for such a solution.

SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]
Mr. Clancy has 15 years experience in the information systems and information security industry. His responsibilities include management of technical content of the company’s information security polices and standards.

Prior to joining Citigroup Mr. Clancy was a consultant working with many fortune 500 companies on Information systems and Information security projects spanning the banking, insurance, pharmaceutical and manufacturing industry sectors. He holds a BS in Electrical Engineering from Drexel University and is a member of IEEE and ISSA and a participant in the FS-ISAC, BITS, FSTC, Financial Fortress Leadership Group, and Global Security Consortium.

--

TOPIC:
Blackhat/Defcon - during this debriefing we will discuss many of the hot bleeding edge INFOSEC topics that were covered at the [http://www.blackhat.com Blackhat] & [http://www.defcon.org Defcon] event Aug 1st - Aug 5th. If you attended the event, look for your picture win a prize... if you missed this annual event, you will want to attend to get a briefing on the hot topics!!!

SPEAKER BIO:
Tom Brennan, President OWASP NY/NJ Metro

--

TOPIC: Global Security Week
What is the current state of Privacy on Web Application Security?
What should we be focusing on?

Round-Table Panel - [http://www.globalsecurityweek.com/html/calendar.html GSW]

--

<center> Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>

<hr>

==OCTOBER 25th MEETING==
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event. October 25th 9:30am-4:30pm 

===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
Special thanks to: Philip Varughese
Meeting Address: 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]

Event coSponsors: [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC]
~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES] ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP] ~~ [http://www.mandiant.com MANDIANT]
---

TOPIC: Keynote

SPEAKER: Renato Delatorre, Verizon Wireless

---

TOPIC: Social Engineering

SPEAKER: Kevin Mitnick

---

TOPIC: ISO 27001 What is it... Why do you care?

SPEAKER BIO: Mahi Dontamsetti

--

TOPIC: VOIP - Can you hear me now?

SPEAKER BIO: Paul Rohmeyer

--

TOPIC: Internet Fraud - War Stories

SPEAKER BIO: Mike Esposito

---

TOPIC: Dig Your Own Hole: 12 Ways to Go Wrong with Java Security

SPEAKER BIO: Richard Bowen

--

TOPIC: IMS = Is Missing Security?

SPEAKER: Peter Thermos, Michael McCobb

--

TOPIC: TBD

SPEAKER BIO: TBD

--

<center> Meetings are FREE and open to the PUBLIC - </center>

<hr>

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Treasurer: [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
*Board Member: [mailto:pstern100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:dougshin(at)gmail.com Douglas Shin]
Educational Advisors
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]
</ul>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006 
973-202-0122
 
 
 
 
 
 
 
 
 
 
 
 
[http://www.proactiverisk.com ~]

New Jersey

2007-08-30T17:25:13Z

Mdontamsetti: /* PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE] */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==SEPTEMBER 6th MEETING==
OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on September 6th 5:30pm-9:00pm 

===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
Special thanks to: Doug Shin
Meeting Address: 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]

Event coSponsors: [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE]

---

TOPIC: Financial Real-Time Threats: Impacting Trading Floor Operations 

This presentation will aim to illustrate how individual application or
network layer threats, if combined correctly, can impact the workload
between the “pit” and departments such as settlements, processing and
accounting. Stemming from the lowest level of internal threat, systems on,
or behind, trading floor operations can be manipulated in ways that might
even go unnoticed. Such impact is possible due to the shear complexity of
the enterprise applications used, as well as the ways in which they are
inter-related.

TOPIC: JBroFuzz: Effective Fuzzing for Network and Web Applications 

JBroFuzz is a stateless network protocol fuzzer that emerged from the
needs of penetration testing. This presentation will aim to illustrate
efficient ways of fuzzing in order to minimize the amount of time spent in
discovering application and network protocol vulnerabilities.

SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
[http://www.irmplc.com Information Risk Management]

---

TOPIC: Stock fluctuation from an unrecognized influence. 

SPEAKER: Justine Bone-Aitel - [http://www.immunityinc.com Immunity Security]

---

TOPIC: Hackers...BotNets oh My! Obtain a briefing on the current BotNet investigations etc.

SPEAKER BIO: [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]

---

TOPIC: Why today's vulnerability assessments are failing and a case for industry standardization

As organizations mature their information security capabilities they start to extend their requirements to their partners and providers. Providing for the identification and management of information security issues are becoming part of contractual language. Vulnerability Assessment / ethical reports today are used today as one measurable data point to build a confidence in the status of other parties’ web applications and is generally an accepted set in due diligence. The challenge today is these Vulnerability Assessments are inconsistent in scope & rigor, and reported in a form that makes them incomparable between institutions. It is frequently impossible to understand what test design was used (black box/white box), what set of conditions were tested (OWASP top ten only, CVE, items found by common scanning tools, manually exercised conditions, etc) and how issues were rated for severity (CVSS, vendor provided, customer provided, etc). A similar problem existed with information security assessments of operational and physical security at outsourced service providers used by financial institutions and was address by developing an “agreed upon procedures” approach to outline common things needed by institutions so that assessments could be done once by a neutral party and then reused. This presentation, while not offering the complete answer for application security testing, will attempt to outline the components needed for such a solution.

SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]
Mr. Clancy has 15 years experience in the information systems and information security industry. His responsibilities include management of technical content of the company’s information security polices and standards.

Prior to joining Citigroup Mr. Clancy was a consultant working with many fortune 500 companies on Information systems and Information security projects spanning the banking, insurance, pharmaceutical and manufacturing industry sectors. He holds a BS in Electrical Engineering from Drexel University and is a member of IEEE and ISSA and a participant in the FS-ISAC, BITS, FSTC, Financial Fortress Leadership Group, and Global Security Consortium.

--

TOPIC:
Blackhat/Defcon - during this debriefing we will discuss many of the hot bleeding edge INFOSEC topics that were covered at the [http://www.blackhat.com Blackhat] & [http://www.defcon.org Defcon] event Aug 1st - Aug 5th. If you attended the event, look for your picture win a prize... if you missed this annual event, you will want to attend to get a briefing on the hot topics!!!

SPEAKER BIO:
Tom Brennan, President OWASP NY/NJ Metro

--

TOPIC: Global Security Week
What is the current state of Privacy on Web Application Security?
What should we be focusing on?

Round-Table Panel - [http://www.globalsecurityweek.com/html/calendar.html GSW]

--

<center> Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>

<hr>

==OCTOBER 25th MEETING==
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event. October 25th 9:30am-4:30pm 

===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
Special thanks to: Philip Varughese
Meeting Address: 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]

Event coSponsors: [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC]
~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES] ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP] ~~ [http://www.mandiant.com MANDIANT]
---

TOPIC: Keynote

SPEAKER: Renato Delatorre, Verizon Wireless

---

TOPIC: Social Engineering

SPEAKER: Kevin Mitnick

---

TOPIC: ISO 27001 What is it... Why do you care?

SPEAKER BIO: Mahi Dontamsetti

--

TOPIC: VOIP - Can you hear me now?

SPEAKER BIO: Paul Rohmeyer

--

TOPIC: Internet Fraud - War Stories

SPEAKER BIO: Mike Esposito

---

TOPIC: Dig Your Own Hole: 12 Ways to Go Wrong with Java Security

SPEAKER BIO: Richard Bowen

--

TOPIC: TBD

SPEAKER BIO: TBD

--

TOPIC: TBD

SPEAKER BIO: TBD

--

<center> Meetings are FREE and open to the PUBLIC - </center>

<hr>

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Treasurer: [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
*Board Member: [mailto:pstern100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:dougshin(at)gmail.com Douglas Shin]
Educational Advisors
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]
</ul>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006 
973-202-0122
 
 
 
 
 
 
 
 
 
 
 
 
[http://www.proactiverisk.com ~]

New Jersey

2007-08-28T16:45:38Z

Mdontamsetti: /* PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS] */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==SEPTEMBER 6th MEETING==
OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on September 6th 5:30pm-9:00pm 

===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
Special thanks to: Doug Shin
Meeting Address: 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]

Event coSponsors: [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE]

---

TOPIC: Financial Real-Time Threats: Impacting Trading Floor Operations 

This presentation will aim to illustrate how individual application or
network layer threats, if combined correctly, can impact the workload
between the “pit” and departments such as settlements, processing and
accounting. Stemming from the lowest level of internal threat, systems on,
or behind, trading floor operations can be manipulated in ways that might
even go unnoticed. Such impact is possible due to the shear complexity of
the enterprise applications used, as well as the ways in which they are
inter-related.

TOPIC: JBroFuzz: Effective Fuzzing for Network and Web Applications 

JBroFuzz is a stateless network protocol fuzzer that emerged from the
needs of penetration testing. This presentation will aim to illustrate
efficient ways of fuzzing in order to minimize the amount of time spent in
discovering application and network protocol vulnerabilities.

SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
[http://www.irmplc.com Information Risk Management]

---

TOPIC: Stock fluctuation from an unrecognized influence. 

SPEAKER: Justine Bone-Aitel - [http://www.immunityinc.com Immunity Security]

---

TOPIC: Hackers...BotNets oh My! Obtain a briefing on the current BotNet investigations etc.

SPEAKER BIO: [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]

---

TOPIC: Remote Security
This industry talk will focus on the unique security challenges faced by Citigroup given the scale and breadth of their network (World's largest VPN).

SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]

--

TOPIC:
Blackhat/Defcon - during this debriefing we will discuss many of the hot bleeding edge INFOSEC topics that were covered at the [http://www.blackhat.com Blackhat] & [http://www.defcon.org Defcon] event Aug 1st - Aug 5th. If you attended the event, look for your picture win a prize... if you missed this annual event, you will want to attend to get a briefing on the hot topics!!!

SPEAKER BIO:
Tom Brennan, President OWASP NY/NJ Metro

--

TOPIC: Global Security Week
What is the current state of Privacy on Web Application Security?
What should we be focusing on?

Round-Table Panel - [http://www.globalsecurityweek.com/html/calendar.html GSW]

--

<center> Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>

<hr>

==OCTOBER 25th MEETING==
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event. October 25th 9:30am-4:30pm 

===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
Special thanks to: Philip Varughese
Meeting Address: 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]

Event coSponsors: [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC]
~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES] ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP] ~~ [http://www.mandiant.com MANDIANT]
---

TOPIC: Keynote

SPEAKER: Renato Delatorre, Verizon Wireless

---

TOPIC: Social Engineering

SPEAKER: Kevin Mitnick

---

TOPIC: ISO 27001 What is it... Why do you care?

SPEAKER BIO: Mahi Dontamsetti

--

TOPIC: VOIP - Can you hear me now?

SPEAKER BIO: Paul Rohmeyer

--

TOPIC: Internet Fraud - War Stories

SPEAKER BIO: Mike Esposito

---

TOPIC: Dig Your Own Hole: 12 Ways to Go Wrong with Java Security

SPEAKER BIO: Richard Bowen

--

TOPIC: TBD

SPEAKER BIO: TBD

--

TOPIC: TBD

SPEAKER BIO: TBD

--

<center> Meetings are FREE and open to the PUBLIC - </center>

<hr>

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Treasurer: [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
*Board Member: [mailto:pstern100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:dougshin(at)gmail.com Douglas Shin]
Educational Advisors
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]
</ul>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006 
973-202-0122
 
 
 
 
 
 
 
 
 
 
 
 
[http://www.proactiverisk.com ~]

New Jersey

2007-08-28T15:53:45Z

Mdontamsetti: /* PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS] */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==SEPTEMBER 6th MEETING==
OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on September 6th 5:30pm-9:00pm 

===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
Special thanks to: Doug Shin
Meeting Address: 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]

Event coSponsors: [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE]

---

TOPIC: Financial Real-Time Threats: Impacting Trading Floor Operations 

This presentation will aim to illustrate how individual application or
network layer threats, if combined correctly, can impact the workload
between the “pit” and departments such as settlements, processing and
accounting. Stemming from the lowest level of internal threat, systems on,
or behind, trading floor operations can be manipulated in ways that might
even go unnoticed. Such impact is possible due to the shear complexity of
the enterprise applications used, as well as the ways in which they are
inter-related.

TOPIC: JBroFuzz: Effective Fuzzing for Network and Web Applications 

JBroFuzz is a stateless network protocol fuzzer that emerged from the
needs of penetration testing. This presentation will aim to illustrate
efficient ways of fuzzing in order to minimize the amount of time spent in
discovering application and network protocol vulnerabilities.

SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
[http://www.irmplc.com Information Risk Management]

---

TOPIC: Stock fluctuation from an unrecognized influence. 

SPEAKER: Justine Bone-Aitel - [http://www.immunityinc.com Immunity Security]

---

TOPIC: Hackers...BotNets oh My! Obtain a briefing on the current BotNet investigations etc.

SPEAKER BIO: [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]

---

TOPIC: Remote Security
This industry talk will focus on the unique security challenges faced by Citigroup given the scale and breadth of their network (World's largest VPN).

SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]

--

TOPIC:
Blackhat/Defcon - during this debriefing we will discuss many of the hot bleeding edge INFOSEC topics that were covered at the [http://www.blackhat.com Blackhat] & [http://www.defcon.org Defcon] event Aug 1st - Aug 5th. If you attended the event, look for your picture win a prize... if you missed this annual event, you will want to attend to get a briefing on the hot topics!!!

SPEAKER BIO:
Tom Brennan, President OWASP NY/NJ Metro

--

TOPIC: Global Security Week
What is the current state of Privacy on Web Application Security?
What should we be focusing on?

Round-Table Panel - [http://www.globalsecurityweek.com/html/calendar.html GSW]

--

<center> Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>

<hr>

==OCTOBER 25th MEETING==
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event. October 25th 9:30am-4:30pm 

===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
Special thanks to: Philip Varughese
Meeting Address: 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]

Event coSponsors: [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC]
~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES] ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP]
---

TOPIC: Keynote

SPEAKER: Renato Delatorre, Verizon Wireless

---

TOPIC: Social Engineering

SPEAKER: Kevin Mitnick

---

TOPIC: ISO 27001 What is it... Why do you care?

SPEAKER BIO: Mahi Dontamsetti

--

TOPIC: VOIP - Can you hear me now?

SPEAKER BIO: Paul Rohmeyer

--

TOPIC: Internet Fraud - War Stories

SPEAKER BIO: Mike Esposito

---

TOPIC: Dig Your Own Hole: 12 Ways to Go Wrong with Java Security

SPEAKER BIO: Richard Bowen

--

TOPIC: TBD

SPEAKER BIO: TBD

--

TOPIC: TBD

SPEAKER BIO: TBD

--

<center> Meetings are FREE and open to the PUBLIC - </center>

<hr>

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Treasurer: [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
*Board Member: [mailto:pstern100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:dougshin(at)gmail.com Douglas Shin]
Educational Advisors
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]
</ul>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006 
973-202-0122
 
 
 
 
 
 
 
 
 
 
 
 
[http://www.proactiverisk.com ~]

New Jersey

2007-08-23T11:46:09Z

Mdontamsetti: /* PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS] */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==SEPTEMBER 6th MEETING==
OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on September 6th 5:30pm-9:00pm 

===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
Special thanks to: Doug Shin
Meeting Address: 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]

Event coSponsors: [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE]

---

TOPIC: Financial Real-Time Threats: Impacting Trading Floor Operations 

This presentation will aim to illustrate how individual application or
network layer threats, if combined correctly, can impact the workload
between the “pit” and departments such as settlements, processing and
accounting. Stemming from the lowest level of internal threat, systems on,
or behind, trading floor operations can be manipulated in ways that might
even go unnoticed. Such impact is possible due to the shear complexity of
the enterprise applications used, as well as the ways in which they are
inter-related.

TOPIC: JBroFuzz: Effective Fuzzing for Network and Web Applications 

JBroFuzz is a stateless network protocol fuzzer that emerged from the
needs of penetration testing. This presentation will aim to illustrate
efficient ways of fuzzing in order to minimize the amount of time spent in
discovering application and network protocol vulnerabilities.

SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
[http://www.irmplc.com Information Risk Management]

---

TOPIC: Stock fluctuation from an unrecognized influence. 

SPEAKER: Justine Bone-Aitel - [http://www.immunityinc.com Immunity Security]

---

TOPIC: Hackers...BotNets oh My! Obtain a briefing on the current BotNet investigations etc.

SPEAKER BIO: [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]

---

TOPIC: Remote Security
This industry talk will focus on the unique security challenges faced by Citigroup given the scale and breadth of their network (World's largest VPN).

SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]

--

TOPIC:
Blackhat/Defcon - during this debriefing we will discuss many of the hot bleeding edge INFOSEC topics that were covered at the [http://www.blackhat.com Blackhat] & [http://www.defcon.org Defcon] event Aug 1st - Aug 5th. If you attended the event, look for your picture win a prize... if you missed this annual event, you will want to attend to get a briefing on the hot topics!!!

SPEAKER BIO:
Tom Brennan, President OWASP NY/NJ Metro

--

TOPIC: Global Security Week
What is the current state of Privacy on Web Application Security?
What should we be focusing on?

Round-Table Panel - [http://www.globalsecurityweek.com/html/calendar.html GSW]

--

<center> Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>

<hr>

==OCTOBER 25th MEETING==
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event. October 25th 9:30am-4:30pm 

===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
Special thanks to: Philip Varughese
Meeting Address: 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]

Event coSponsors: [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC]
~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES] ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP]
---

TOPIC: Social Engineering

SPEAKER: Kevin Mitnick

---

TOPIC: ISO 27001 What is it... Why do you care?

SPEAKER BIO: Mahi Dontamsetti

--

TOPIC: VOIP - Can you hear me now?

SPEAKER BIO: Paul Rohmeyer

--

TOPIC: Internet Fraud - War Stories

SPEAKER BIO: Mike Esposito

---

TOPIC: Dig Your Own Hole: 12 Ways to Go Wrong with Java Security

SPEAKER BIO: Richard Bowen

--

TOPIC: TBD

SPEAKER BIO: TBD

--

TOPIC: TBD

SPEAKER BIO: TBD

--

<center> Meetings are FREE and open to the PUBLIC - </center>

<hr>

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Treasurer: [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
*Board Member: [mailto:pstern100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:dougshin(at)gmail.com Douglas Shin]
Educational Advisors
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]
</ul>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006 
973-202-0122
 
 
 
 
 
 
 
 
 
 
 
 
[http://www.proactiverisk.com ~]

New Jersey

2007-05-18T00:02:37Z

Mdontamsetti:

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==OWASP Presents at United Nations !!==
Hear World Leaders such as Ban Ki-Moon, Secretary General, United Nations,
Karen Evans, Administrator for e-Gov & IT, OMB, Executive Office of the President
and other industry leaders talk about information security at AIT's 19th Annual
Information Security Conference & Exhibit, in Celebration of World Information
Society Day June 4, 2007, United Nations HQs, NYC

There's no charge to attend, pre-register now -
http://www.aitglobal.com/theform.html

==Next Meeting NYC: JUNE 12th 6:00pm - 9:00pm ==

===Sponsor: [http://www.dtcc.com The Depository Trust & Clearing Corp.]===
Meeting Address: 55 Water Street #26-139, NYC, NY 10041 - [http://tinyurl.com/33htrt Directions]

Event Co-Sponsors: [http://www.centuria.us CENTURIA] - [http://www.varonis.com/Products/Overview VARONIS] - [http://www.fortify.com FORTIFY] - [http://www.appsecinc.com APPLICATION SECURITY] - [http://www.accessitgroup.com ACCESSIT GROUP] - [http://www.aspectsecurity.com ASPECT SECURITY] 

Event Speakers:
 
Keynote: Jeff Williams - OWASP Worldwide Chair
 
Speaker: Chris "Weld Pond" Wysopal - Binary Analysis
 
Speaker: Warren Axelrod - Secure Outsourcing
 
Speaker: Eric Uner - Application Firewalls
 
Speaker: Michael Feldman - .Net Secure Programming

<center>[http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED]</center>

---

TOPIC: Binary Analysis... its in the code

SPEAKER BIO: Chris (aka:Weld Pond) Wysopal, Co-Founder and Chief Technology Officer of [http://www.veracode.com Vercode]
He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.

Mr. Wysopal’s groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the “Responsible Vulnerability Disclosure Process,” which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities.

Mr. Wysopal is co-author of the award winning password auditing and recovery application @stake LC (L0phtCrack) which is currently used by more than 6,000 governments, military and corporate organizations worldwide.

Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid 90’s, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank known as L0pht Heavy Industries, which was later acquired by @stake in 1999. He became the manager of @stake’s Research Group and later became @stake’s vice president of research and development where he led a world class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake’s products group to develop new security tools focused on wireless, infrastructure and application security.

In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software. Mr. Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006. Mr. Wysopal earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.

--

TOPIC: 7-Things You Need to Know about Application Firewalls

SPEAKER BIO: Eric Uner, PhD is Chief Technical Officer and Chief Scientist of Sentinel Security Corporation a subsidiary of [http://www.centuria.us Centuria Corporation] He is an industry-recognized scientific expert in the areas of embedded systems and information security. His research into applying biological defense models to computer systems and chaos theory led to the patented algorithms used in the HYDRA web cyber-defense appliance.

Mr.Uner's work, including his software vulnerability equation and pseudo-random number generation algorithms, has been published in numerous journals internationally. He has also appeared in television interviews and broadcast radio as an expert in computer security.

--

TOPIC: Programming Microsoft .Net for Security 

SPEAKER BIO: Michael Feldman President, [http://www.dataritesys.com/home/default.asp Data Rite Systems Group]
Mike Feldman is an expert in creating highly customized, Web-based applications. He has more than 15 years experience in database technology and software development. Mike also was an instructor of client-server applications at Baruch College. Prior to founding Data-Rite, he worked as a project manager for TIAA-CREF, the largest pension holder in the country, developing enterprise level databases, and was a programmer for Monarch Financial Services

--

TOPIC: Security Outsourcing: Issues, Concerns and suggestions on how to do it right 

SPEAKER BIO: C Warren Axelrod, Chief Privacy Officer & BISO, [http://www.ustrust.com US Trust Company]
Mr. Axelrod is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. The FS/ISAC is a public-private collaborative effort to share information on security threats, vulnerabilities and incidents among members and with government. He testified at a Congressional Hearing in 2001 on cyber security. He is on the Editorial Advisory Board of the ISSA Journal and several other advisory boards, such as for TMF (Technology Managers Forum) and I3P (Institute for Information Infrastructure Protection) Mr. Axelrod was honored with a Computerworld Premier 100 IT Leaders Award in 2003 and his department's implementation of an intrusion detection system was given a Best in Class award. He has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” which received a five-star rating on Amazon, was published in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM and has NASD Series 7 and Series 24 licenses.

ABSTRACT:

Full consideration of information security must be part of any IT outsourcing arrangement, whether the outsourced service or product is security-related or not, and whether the provider is local, in the same country, near shore or offshore. It must be examined even more closely when the service or product is in fact security-related and when the provider has access to sensitive information such as customer nonpublic personal information and company-confidential data, including intellectual property. Particular note will be made of implicit outsourcing arrangements such as occur with data aggregation, Web services, grid computing and open source. The presentation will review some of the predominant privacy and security risks of outsourcing and suggests how they might be mitigated

<hr>

 Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED] as space is limited and required by building security!

[http://tinyurl.com/33htrt GOOGLE MAP DIRECTIONS]

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:tomb(at)accessitgroup.com Tom Brennan] - AccessIT
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti] - ABN Amro
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz] - Net2s
*Treasurer: [mailto:Tom.ryan(at)providesecurity.com Tom Ryan] - Foundstone
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti] - M3 Security
*Board Member: [mailto:pster100(at)gmail.com Peter Stern] - IBM-ISS
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter] - Financial Services, Inc
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister] - Deloitte
*Board Member: [mailto:stanguzik(at)yahoo.com Stan Guzik] - Thompson
Advisor(s)
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]

</ul>

To submit educational topic for a future meeting please provide a short abstract/paragraph of the talk or powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include speaker BIO. Or call 973-202-0122 if you wish to host a meeting or become a chapter meeting host or co-sponsor.

<hr>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006

New Jersey

2007-05-08T19:28:09Z

Mdontamsetti: /* NY/NJ OWASP Chapter Leaders */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==Next Meeting NYC: JUNE 12th 6:00pm - 9:00pm ==

===Sponsor: [http://www.dtcc.com The Depository Trust & Clearing Corp.]===
Meeting Address: 55 Water Street #26-139, NYC, NY 10041 - [http://tinyurl.com/33htrt Directions]

Event Co-Sponsors: [http://www.centuria.us CENTURIA] - [http://www.varonis.com/Products/Overview VARONIS] - [http://www.fortify.com FORTIFY] - [http://www.appsecinc.com APPLICATION SECURITY] - [http://www.accessitgroup.com ACCESSIT GROUP]

Event Speakers:
 
Keynote: Jeff Williams - OWASP Worldwide Chair
 
Speaker: Chris "Weld Pond" Wysopal - Binary Analysis
 
Speaker: Warren Axelrod - Secure Outsourcing
 
Speaker: Eric Uner - Application Firewalls
 
Speaker: Michael Feldman - .Net Secure Programming

<center>[http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED]</center>

---

TOPIC: Binary Analysis... its in the code

SPEAKER BIO: Chris (aka:Weld Pond) Wysopal, Co-Founder and Chief Technology Officer of [http://www.veracode.com Vercode]
He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.

Mr. Wysopal’s groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the “Responsible Vulnerability Disclosure Process,” which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities.

Mr. Wysopal is co-author of the award winning password auditing and recovery application @stake LC (L0phtCrack) which is currently used by more than 6,000 governments, military and corporate organizations worldwide.

Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid 90’s, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank known as L0pht Heavy Industries, which was later acquired by @stake in 1999. He became the manager of @stake’s Research Group and later became @stake’s vice president of research and development where he led a world class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake’s products group to develop new security tools focused on wireless, infrastructure and application security.

In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software. Mr. Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006. Mr. Wysopal earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.

--

TOPIC: 7-Things You Need to Know about Application Firewalls

SPEAKER BIO: Eric Uner, PhD is Chief Technical Officer and Chief Scientist of Sentinel Security Corporation a subsidiary of [http://www.centuria.us Centuria Corporation] He is an industry-recognized scientific expert in the areas of embedded systems and information security. His research into applying biological defense models to computer systems and chaos theory led to the patented algorithms used in the HYDRA web cyber-defense appliance.

Mr.Uner's work, including his software vulnerability equation and pseudo-random number generation algorithms, has been published in numerous journals internationally. He has also appeared in television interviews and broadcast radio as an expert in computer security.

--

TOPIC: Programming Microsoft .Net for Security 

SPEAKER BIO: Michael Feldman President, [http://www.dataritesys.com/home/default.asp Data Rite Systems Group]
Mike Feldman is an expert in creating highly customized, Web-based applications. He has more than 15 years experience in database technology and software development. Mike also was an instructor of client-server applications at Baruch College. Prior to founding Data-Rite, he worked as a project manager for TIAA-CREF, the largest pension holder in the country, developing enterprise level databases, and was a programmer for Monarch Financial Services

--

TOPIC: Security Outsourcing: Issues, Concerns and suggestions on how to do it right 

SPEAKER BIO: C Warren Axelrod, Chief Privacy Officer & BISO, [http://www.ustrust.com US Trust Company]
Mr. Axelrod is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. The FS/ISAC is a public-private collaborative effort to share information on security threats, vulnerabilities and incidents among members and with government. He testified at a Congressional Hearing in 2001 on cyber security. He is on the Editorial Advisory Board of the ISSA Journal and several other advisory boards, such as for TMF (Technology Managers Forum) and I3P (Institute for Information Infrastructure Protection) Mr. Axelrod was honored with a Computerworld Premier 100 IT Leaders Award in 2003 and his department's implementation of an intrusion detection system was given a Best in Class award. He has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” which received a five-star rating on Amazon, was published in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM and has NASD Series 7 and Series 24 licenses.

ABSTRACT:

Full consideration of information security must be part of any IT outsourcing arrangement, whether the outsourced service or product is security-related or not, and whether the provider is local, in the same country, near shore or offshore. It must be examined even more closely when the service or product is in fact security-related and when the provider has access to sensitive information such as customer nonpublic personal information and company-confidential data, including intellectual property. Particular note will be made of implicit outsourcing arrangements such as occur with data aggregation, Web services, grid computing and open source. The presentation will review some of the predominant privacy and security risks of outsourcing and suggests how they might be mitigated

<hr>

 Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED] as space is limited and required by building security!

[http://tinyurl.com/33htrt GOOGLE MAP DIRECTIONS]

= NY/NJ OWASP Chapter Leaders =
<ul>
Officers
*President: [mailto:tomb(at)accessitgroup.com Tom Brennan] - AccessIT
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti] - ABN Amro
*Secretary: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz] - Net2s
*Treasurer: [mailto:Tom.ryan(at)providesecurity.com Tom Ryan] - Foundstone
Board of Directors
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti] - M3 Security
*Board Member: [mailto:pster100(at)gmail.com Peter Stern] - IBM-ISS
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter] - Financial Services, Inc
*Board Member: [mailto:BrianPei(at)yahoo.com Brian Peister] - Deloitte
*Board Member: [mailto:stanguzik(at)yahoo.com Stan Guzik] - Thompson
Advisor(s)
*New Jersey Institute of Technology: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Polytechnic University: [mailto:memon(at)poly.edu Nasir Memon]

</ul>

To submit educational topic for a future meeting please provide a short abstract/paragraph of the talk or powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include speaker BIO. Or call 973-202-0122 if you wish to host a meeting or become a chapter meeting host or co-sponsor.

<hr>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006

New Jersey

2007-04-26T23:30:43Z

Mdontamsetti: /* Location Sponsor: [http://www.dtcc.com The Depository Trust & Clearing Corp.] */

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

==Next Meeting NYC: JUNE 12th 6:00pm - 9:00pm ==

===Location Sponsor: [http://www.dtcc.com The Depository Trust & Clearing Corp.]===
Meeting Address: 55 Water Street #26-139, NYC, NY 10041 - [http://tinyurl.com/33htrt Directions]

Event Co-Sponsors:
[http://www.centuria.us Centuria] - [http://en.wikipedia.org/wiki/Sponsor YOUR COMPANY?] - [http://en.wikipedia.org/wiki/Sponsor YOUR COMPANY?] - [http://en.wikipedia.org/wiki/Sponsor YOUR COMPANY?]

[http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED]

---

TOPIC: Binary Analysis... its in the code

SPEAKER BIO: Chris (aka:Weld Pond) Wysopal, Co-Founder and Chief Technology Officer of [http://www.veracode.com Vercode]
He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.

Mr. Wysopal’s groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the “Responsible Vulnerability Disclosure Process,” which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities.

Mr. Wysopal is co-author of the award winning password auditing and recovery application @stake LC (L0phtCrack) which is currently used by more than 6,000 governments, military and corporate organizations worldwide.

Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid 90’s, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank known as L0pht Heavy Industries, which was later acquired by @stake in 1999. He became the manager of @stake’s Research Group and later became @stake’s vice president of research and development where he led a world class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake’s products group to develop new security tools focused on wireless, infrastructure and application security.

In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software. Mr. Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006. Mr. Wysopal earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.

--

TOPIC: 7-Things You Need to Know about Application Firewalls

SPEAKER BIO: Eric Uner, PhD is Chief Technical Officer and Chief Scientist of Sentinel Security Corporation a subsidiary of [http://www.centuria.us Centuria Corporation] He is an industry-recognized scientific expert in the areas of embedded systems and information security. His research into applying biological defense models to computer systems and chaos theory led to the patented algorithms used in the HYDRA web cyber-defense appliance.

Mr.Uner's work, including his software vulnerability equation and pseudo-random number generation algorithms, has been published in numerous journals internationally. He has also appeared in television interviews and broadcast radio as an expert in computer security.

--

TOPIC: Programming Microsoft .Net for Security 

SPEAKER BIO: Michael Feldman President, [http://www.dataritesys.com/home/default.asp Data Rite Systems Group]
Mike Feldman is an expert in creating highly customized, Web-based applications. He has more than 15 years experience in database technology and software development. Mike also was an instructor of client-server applications at Baruch College. Prior to founding Data-Rite, he worked as a project manager for TIAA-CREF, the largest pension holder in the country, developing enterprise level databases, and was a programmer for Monarch Financial Services

--

TOPIC: Security outsourcing: Issues, Concerns and how to do it right 

SPEAKER BIO: C Warren Axelrod, Chief Privacy Officer & BISO, US Trust Company

Mr. Axelrod is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. The FS/ISAC is a public-private collaborative effort to share information on security threats, vulnerabilities and incidents among members and with government. He testified at a Congressional Hearing in 2001 on cyber security. He is on the Editorial Advisory Board of the ISSA Journal and several other advisory boards, such as for TMF (Technology Managers Forum) and I3P (Institute for Information Infrastructure Protection)

Mr. Axelrod was honored with a Computerworld Premier 100 IT Leaders Award in 2003 and his department's implementation of an intrusion detection system was given a Best in Class award. He has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” which received a five-star rating on Amazon, was published in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM and has NASD Series 7 and Series 24 licenses.

ABSTRACT:

Full consideration of information security must be part of any IT outsourcing arrangement, whether the outsourced service or product is security-related or not, and whether the provider is local, in the same country, near shore or offshore. It must be examined even more closely when the service or product is in fact security-related and when the provider has access to sensitive information such as customer nonpublic personal information and company-confidential data, including intellectual property. Particular note will be made of implicit outsourcing arrangements such as occur with data aggregation, Web services, grid computing and open source. The presentation will review some of the predominant privacy and security risks of outsourcing and suggests how they might be mitigated

 Meetings are FREE and open to the PUBLIC - [http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED] as space is limited and required by building security!

[http://tinyurl.com/33htrt GOOGLE MAP DIRECTIONS]

<hr>

TOPIC:

SPEAKER BIO:

= NY/NJ OWASP Chapter Leaders =
<ul>
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
*Treasurer: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Board Member: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*Board Member: [mailto:pster100(at)gmail.com Peter Stern]
*Board Member: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Board Member: [mailto:Tom.ryan(at)providesecurity.com Tom Ryan]
*Board Member: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Board Member: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
*Board Member: [mailto:stanguzik(at)yahoo.com Stan Guzik]
</ul>

To submit educational topic for a future meeting please provide a short abstract/paragraph of the talk or powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include speaker BIO. Or call 973-202-0122 if you wish to host a meeting or become a chapter meeting host or co-sponsor.

<hr>

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006

New Jersey

2007-04-03T15:33:01Z

Mdontamsetti:

{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}} To submit educational topic for a future meeting please provide a short paragraph of the talk or powerpoint and speaker BIO and email [mailto:jinxpuppy(at)gmail.com Submit Talk] or call 973-202-0122 if you wish to host a meeting or become a chapter sponsor.

= NY/NJ OWASP Chapter Leaders =
<ul>
*President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
*Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
*Treasurer: [mailto:BrianPei(at)yahoo.com Brian Peister]
*Membership Chair: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
*PR Chair: [mailto:pster100(at)gmail.com Peter Stern]
*Communications: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
*Project Chair: [mailto:Tom.ryan(at)providesecurity.com Tom Ryan]
*Board Member/Projects: [mailto:oe2(at)njit.edu Osama Eljabiri]
*Board Member/Programs: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
</ul>

=2007 MEETINGS=

==APRIL 17th 6pm-9pm EST==
'''WHERE'''

[http://www.ubs.com UBS] - 499 Washington Ave, Jersey City, NJ [http://tinyurl.com/2k9hnt DIRECTIONS]

April Event Sponsors: [http://www.whitehatsec.com White Hat Security], [http://www.accessitgroup.com AccessIT Group], [http://www.ubs.com UBS], [http://www.xceedium.com/solutions/Solutions_SecurityContainment.php Xceedium], [http://en.wikipedia.org/wiki/Sponsor Your Company Here], [http://en.wikipedia.org/wiki/Sponsor Your Company Here]

'''AGENDA'''

6:00pm - 7:00pm Speaker: Marc Maiffret, Founder/CTO & Chief Hacking Officer [http://www.eeye.com eEye Digital Security] As eEye Digital Security’s Co-Founder/CTO and Chief Hacking Officer, Marc Maiffret has been a driving force in the vision and continuous innovation for eEye’s product development and vulnerability research efforts since the company’s inception in 1998. Long regarded as a security expert and thought leader in vulnerability assessment and endpoint security, Marc Maiffret also leads the efforts of eEye’s world renowned Research Team. In addition, Mr. Maiffret speaks regularly on the state of security across the globe, including several appearances before Congress, where he has testified on information policies and security threats posed to both public and private infrastructures. Mr. Maiffret’s role in vulnerability research, education and product innovation has been reflected in the numerous awards and distinguishments that eEye Digital Security continuously receives.

Abstract: “It’s More Than a Microsoft World.”
In his presentation, he will discuss the state of security and the changing nature of threats as he details why, Software vendors such as Microsoft, Apple, Symantec, IBM and McAfee are increasingly plagued with critical exploits and zero-day attacks. As the window of remediation decreases and the attack target widens, security response teams fall short of the finish line, leaving millions of users vulnerable. Mr. Maiffret will explain the evolution of attack vectors and their impact on the nature of security, the challenge facing software vendors and the overall impact this cycle of events has on network security professionals today.

--

7:00 - 8:00pm Speaker Tom Brennan - NY/NJ OWASP Metro President/AccessIT Group Risk Practice Manager - [http://www.accessitgroup.com AccessIT]. Tom Brennan specializes in providing business risk assessments and penetration testing of critical IT infrastructures. His technical focus includes web application, VOIP and Wireless. Tom’s assessment methodology is based on the National Security Agency INFOSEC Assessment Methodology and the Open Source Security Testing Methodology Manual (OSSTMM). Tom is has been featured on NYC Channel 5, Channel 7 as a subject matter security expert

Abstract: OWASP Version 2 Testing Guide
This talk will discuss the co-authored release of the new OWASP Testing Guide. The open-source (free) goal was to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues. [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_pdf.zip Get Your Copy NOW]
Tom will also discuss the OWASP chapter goals for 2007 and results of the 2007 member survey.

--

8:00pm - 9:00pm Speaker Jeremiah Grossman, Founder/CTO - [http://www.whitehatsec.com White Hat]
Mr. Grossman founded WhiteHat Security in 2001. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of web applications. As one of the world's busiest web properties, with over 17,000 web servers for customer access and 600 web applications, the highest level of security was required. Before Yahoo!, Mr. Grossman worked for Amgen, Inc.

Abstract: “HACKING INTRANET WEBSITES FROM THE OUTSIDE” 
This hour-long presentation will feature Jeremiah Grossman, WhiteHat Security Founder and CTO.
Mr. Grossman will demonstrate: How a user is first infected or attacked using a malicious Web page or Cross-Site Scripting vulnerability; How a Web browser can be completely controlled or monitored remotely. How a Web browser can be used as a stepping stone to perform network reconnaissance on internal networks; and,
How to exploit internal machines using a compromised Web browser

--

After the event you are invited to walk several doors down to Dorrians Tavern where we will continue networking with your industry peers over a pint. "Cheers"

[http://tinyurl.com/2k9hnt DIRECTIONS]

For Mass transit, the Pavonia Ave Path stop is across the street and the
Pavonia / Newport Mall Light Rail is behind the building.

Driving Directions to Newport

From Holland Tunnel - At the first light out of the Tunnel, make a right
(by the Gas Station). At the next light, make a right onto 18th Street.
18th Street will turn into Washington Boulevard. At the fourth light,
make a right onto 6th Street. Take the next right onto Mall Drive East.
Open parking lot is straight ahead.

From Lincoln Tunnel - Upon exiting the Tunnel, immediately get into the
far right lane. Follow the Hoboken exit sign and ramp. At the first
light, the street becomes Willow Avenue. Continue straight through the
light. Proceed on Willow Avenue for approximately 1.5 miles. Continue to
the end. Turn right onto Observer Highway. At the first light, Henderson
Avenue, turn left. Stay on Henderson Avenue, under rail tracks, at first
light, 18th Street, turn left. Continue on 18th Street which turns into
Washington Boulevard.

From New Jersey Turnpike - Take the NJ Turnpike to exit 14C, the Holland
Tunnel. After the toll, continue toward the Holland Tunnel. At the
bottom of the ramp, turn right onto Jersey Avenue. Then immediately bear
left up Newport Centre Mall ramp. Follow signs to the Parking Garage.

From Garden State Parkway North - Exit at Route 22 Eastbound Exit 140.
Stay on Route 22 East until Route 1&9 North onto the Pulaski Skyway. At
the bottom of ramp, coming off Skyway going to the Holland Tunnel turn
right. Immediately bear left up the ramp to Newport Centre Mall.

From Garden State Parkway South - Exit at Parkway at Exit 145 onto Route
280 East. Stay on Route 280 until it ends. Then take Route 508 towards
Jersey City. Route 508 joins Route 7, then after crossing bridges at the
first traffic circle follow Route 1&9 North to Holland Tunnel. At the
bottom of the ramp, turn right onto Jersey Avenue. Then bear to your
left up the ramp to Newport Centre.

From Route 3 (Eastbound) - Follow Route 3 towards Lincoln Tunnel/NYC.
Stay in the far right lane. Exit at the Weehawken/Hoboken Exit ramp. Go
through first traffic light bear slightly right to proceed down the
hill. At the botton of the hill bear right again proceeding on the
Boulevard. Follow to the end and make a right onto 14th Street. Then
make the first left onto Willow Ave. Proceed on Willow Avenue for
approximately 1.5 miles. Continue to the end. Turn right onto Observer
Highway. At the first light, Henderson Avenue, turn left. Stay on
Henderson Avenue, under rail tracks, at first light, 18th Street, turn
left. Continue on 18th Street which turns into Washington Boulevard.
Stay in right lane and continue on into Newport Centre Mall Parking
Garage.

From George Washington Bridge - Follow the sign off the bridge for NJ
Turnpike South. Take NJ Turnpike to Route 78 East, Exit 14-14C. Exit
main Turnpike onto Route 78 East for 14C-Holland Tunnel. After the toll
at 14C continue towards the Holland Tunnel. At the bottom of the ramp
going to the Holland Tunnel Plaza, at first light, make right onto
Jersey Avenue. Then immediately bear left up the ramp to Newport Centre
Mall.

<hr>

==JUNE==
'''WHERE'''
TBD [http://maps.google.com DIRECTIONS] - [http://fs19.formsite.com/NJOWASP/RSVP RSVP]

'''TOPICS'''

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

<hr>

==SEPTEMBER==
'''WHERE'''
TBD [http://maps.google.com DIRECTIONS] - [http://fs19.formsite.com/NJOWASP/RSVP RSVP]

'''TOPICS'''

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

<hr>

==NOVEMBER==
'''WHERE'''
TBD [http://maps.google.com DIRECTIONS] - [http://fs19.formsite.com/NJOWASP/RSVP RSVP]

'''TOPICS'''

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

Topic: TBD - Speaker TBD - [mailto:jinxpuppy(at)gmail.com SUBMIT TALK OUTLINE + SPEAKER BIO]

<hr>

The chapter mailing address is:
NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006
General: 973-202-0122
eMail: [mailto:jinxpuppy@gmail.com General]