OWASP AppSec Seattle 2006/Agenda - Revision history

Wichers: Protected "OWASP AppSec Seattle 2006/Agenda" [edit=sysop:move=sysop]

2007-12-04T21:19:18Z

Protected "OWASP AppSec Seattle 2006/Agenda" [edit=sysop:move=sysop]

Esheridan: /* OWASP Seattle 2006 Conference Schedule */

2006-10-26T14:51:23Z

‎OWASP Seattle 2006 Conference Schedule

Esheridan: /* OWASP Seattle 2006 Conference Schedule */

2006-10-26T01:13:46Z

‎OWASP Seattle 2006 Conference Schedule

Esheridan: /* OWASP Seattle 2006 Conference Schedule */

2006-10-25T01:26:40Z

‎OWASP Seattle 2006 Conference Schedule

Esheridan: /* OWASP Seattle 2006 Conference Schedule */

2006-10-23T17:37:11Z

‎OWASP Seattle 2006 Conference Schedule

Esheridan: /* OWASP Seattle 2006 Conference Schedule */

2006-10-20T20:09:45Z

‎OWASP Seattle 2006 Conference Schedule

Wichers: /* OWASP Seattle 2006 Conference Schedule */

2006-10-20T00:27:07Z

‎OWASP Seattle 2006 Conference Schedule

Wichers: /* OWASP Seattle 2006 Conference Schedule */

2006-10-18T21:38:39Z

‎OWASP Seattle 2006 Conference Schedule

Esheridan: /* OWASP Seattle 2006 Conference Schedule */

2006-10-11T18:37:30Z

‎OWASP Seattle 2006 Conference Schedule

Esheridan: /* OWASP Seattle 2006 Conference Schedule */

2006-10-11T18:36:06Z

‎OWASP Seattle 2006 Conference Schedule

@@ Line 46: / Line 46: @@
   |-
   | style="width:10%; background:#7B8ABD" | 15:20-16:30 || style="width:40%; background:#BC857A" align="left" | Agile and Secure: Can We Be Both?, Dan Cornell, Principal, Denim Group ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_AgileAndSecure.ppt ppt])
-  | style="width:40%; background:#BCA57A" align="left" | The OWASP Code review, Testing guide & Live CD, an introduction., Eoin Keary, Sr Security Consultant, Rits (Ireland), OWASP Testing and Code Review Lead ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASPTestingGuide.ppt ppt])
+  | style="width:40%; background:#BCA57A" align="left" | The OWASP Code review, Testing guide & Live CD, an introduction., Eoin Keary, Sr Security Consultant, Rits (Ireland), OWASP Testing and Code Review Lead ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASPTesting-CodeReviewGuides-LiveCD.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 16:30-16:50 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break

@@ Line 35: / Line 35: @@
   |-
   | style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:40%; background:#BC857A" align="left" | Why AJAX Applications are far more likely to be insecure, and What to do about it, Dave Wichers, COO Aspect Security ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt ppt])
-  | style="width:40%; background:#BCA57A" align="left" | OWASP Application Security Metrics and Assessment Standards Projects
+  | style="width:40%; background:#BCA57A" align="left" | OWASP Application Security Metrics ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Security_Metrics.ppt ppt])<br/>and Assessment Standards Projects ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASP_Assessment_Standards_Project.ppt ppt])
-Bob Austin, OWASP Application Security Metrics Project Lead President, KoreLogic Security and Cliff Barlow, OWASP Application Security Assessment Standards Project Lead Director Security Services, KoreLogic Security ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Security_Metrics.ppt ppt])
+Bob Austin, OWASP Application Security Metrics Project Lead President, KoreLogic Security and Cliff Barlow, OWASP Application Security Assessment Standards Project Lead Director Security Services, KoreLogic Security
   |-
   | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch

@@ Line 30: / Line 30: @@
   | style="width:10%; background:#7B8ABD" | 09:10-10:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: Security in the Payment Card Industry, Hap Huynh, Information Security Specialist, VISA USA ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_SecurityPCI.pdf pdf])
   |-
-  | style="width:10%; background:#7B8ABD" | 10:10-11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | OWASP 2.0 - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz, OWASP .Net Project Lead
+  | style="width:10%; background:#7B8ABD" | 10:10-11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | OWASP 2.0 - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz, OWASP .Net Project Lead ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASP2.0-KeyNote.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 11:10-11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
@@ Line 41: / Line 41: @@
   |-
   | style="width:10%; background:#7B8ABD" | 13:45-15:00 || style="width:40%; background:#BC857A" align="left" | Using Sprajax to Test AJAX Security, Dan Cornell, Principal, Denim Group ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_UsingSprajaxToTestAJAXSecurity.ppt ppt])
-  | style="width:40%; background:#BCA57A" align="left" | Home-grown Crypto (aka Taking a Knife to a Gun Fight), Hank Leininger, Senior Security Consultant, KoreLogic Security
+  | style="width:40%; background:#BCA57A" align="left" | Home-grown Crypto (aka Taking a Knife to a Gun Fight), Hank Leininger, Senior Security Consultant, KoreLogic Security ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Homegrown_Crypto.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 15:00-15:20 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
   |-
   | style="width:10%; background:#7B8ABD" | 15:20-16:30 || style="width:40%; background:#BC857A" align="left" | Agile and Secure: Can We Be Both?, Dan Cornell, Principal, Denim Group ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_AgileAndSecure.ppt ppt])
-  | style="width:40%; background:#BCA57A" align="left" | The OWASP Code review, Testing guide & Live CD, an introduction., Eoin Keary, Sr Security Consultant, Rits (Ireland), OWASP Testing and Code Review Lead
+  | style="width:40%; background:#BCA57A" align="left" | The OWASP Code review, Testing guide & Live CD, an introduction., Eoin Keary, Sr Security Consultant, Rits (Ireland), OWASP Testing and Code Review Lead ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASPTestingGuide.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 16:30-16:50 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
@@ Line 74: / Line 74: @@
   | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch
   |-
-  | style="width:10%; background:#7B8ABD" | 13:45-15:10 || style="width:40%; background:#BC857A" align="left" | Advanced Web Services Security and Hacking, Justin Derry, Application Security Practice Leader, b-sec Consulting Pty Ltd (Australia)
+  | style="width:10%; background:#7B8ABD" | 13:45-15:10 || style="width:40%; background:#BC857A" align="left" | Advanced Web Services Security and Hacking, Justin Derry, Application Security Practice Leader, b-sec Consulting Pty Ltd (Australia) ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Web_Services_Security.ppt ppt])
   | style="width:40%; background:#BCA57A" align="left" | "Web Application Incident Response & Forensics: A Whole New Ball Game" ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_WebAppForensics.ppt ppt]) and "OWASP Java Project Status", Chuck Willis, Sr. Consultant, Mandiant ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASP-Java-Project-Status.ppt ppt])
   |-

@@ Line 75: / Line 75: @@
   |-
   | style="width:10%; background:#7B8ABD" | 13:45-15:10 || style="width:40%; background:#BC857A" align="left" | Advanced Web Services Security and Hacking, Justin Derry, Application Security Practice Leader, b-sec Consulting Pty Ltd (Australia)
-  | style="width:40%; background:#BCA57A" align="left" | "Web Application Incident Response & Forensics: A Whole New Ball Game" and "OWASP Java Project Status", Chuck Willis, Sr. Consultant, Mandiant ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_WebAppForensics.ppt ppt1], [http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASP-Java-Project-Status.ppt ppt2])
+  | style="width:40%; background:#BCA57A" align="left" | "Web Application Incident Response & Forensics: A Whole New Ball Game" ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_WebAppForensics.ppt ppt]) and "OWASP Java Project Status", Chuck Willis, Sr. Consultant, Mandiant ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASP-Java-Project-Status.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 15:10-15:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break

@@ Line 28: / Line 28: @@
   | style="width:10%; background:#7B8ABD" | 09:00-09:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Welcome to AppSec 2006 Seattle: Dave Wichers, OWASP Conferences Chair
   |-
-  | style="width:10%; background:#7B8ABD" | 09:10-10:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: Security in the Payment Card Industry, Hap Huynh, Information Security Specialist, VISA USA
+  | style="width:10%; background:#7B8ABD" | 09:10-10:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: Security in the Payment Card Industry, Hap Huynh, Information Security Specialist, VISA USA ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_SecurityPCI.pdf pdf])
   |-
   | style="width:10%; background:#7B8ABD" | 10:10-11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | OWASP 2.0 - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz, OWASP .Net Project Lead
@@ Line 34: / Line 34: @@
   | style="width:10%; background:#7B8ABD" | 11:10-11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
   |-
-  | style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:40%; background:#BC857A" align="left" | Why AJAX Applications are far more likely to be insecure, and What to do about it, Dave Wichers, COO Aspect Security
+  | style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:40%; background:#BC857A" align="left" | Why AJAX Applications are far more likely to be insecure, and What to do about it, Dave Wichers, COO Aspect Security ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt ppt])
   | style="width:40%; background:#BCA57A" align="left" | OWASP Application Security Metrics and Assessment Standards Projects
-Bob Austin, OWASP Application Security Metrics Project Lead President, KoreLogic Security and Cliff Barlow, OWASP Application Security Assessment Standards Project Lead Director Security Services, KoreLogic Security
+Bob Austin, OWASP Application Security Metrics Project Lead President, KoreLogic Security and Cliff Barlow, OWASP Application Security Assessment Standards Project Lead Director Security Services, KoreLogic Security ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Security_Metrics.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch
   |-
-  | style="width:10%; background:#7B8ABD" | 13:45-15:00 || style="width:40%; background:#BC857A" align="left" | Using Sprajax to Test AJAX Security, Dan Cornell, Principal, Denim Group
+  | style="width:10%; background:#7B8ABD" | 13:45-15:00 || style="width:40%; background:#BC857A" align="left" | Using Sprajax to Test AJAX Security, Dan Cornell, Principal, Denim Group ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_UsingSprajaxToTestAJAXSecurity.ppt ppt])
   | style="width:40%; background:#BCA57A" align="left" | Home-grown Crypto (aka Taking a Knife to a Gun Fight), Hank Leininger, Senior Security Consultant, KoreLogic Security
   |-
   | style="width:10%; background:#7B8ABD" | 15:00-15:20 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
   |-
-  | style="width:10%; background:#7B8ABD" | 15:20-16:30 || style="width:40%; background:#BC857A" align="left" | Agile and Secure: Can We Be Both?, Dan Cornell, Principal, Denim Group
+  | style="width:10%; background:#7B8ABD" | 15:20-16:30 || style="width:40%; background:#BC857A" align="left" | Agile and Secure: Can We Be Both?, Dan Cornell, Principal, Denim Group ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_AgileAndSecure.ppt ppt])
   | style="width:40%; background:#BCA57A" align="left" | The OWASP Code review, Testing guide & Live CD, an introduction., Eoin Keary, Sr Security Consultant, Rits (Ireland), OWASP Testing and Code Review Lead
   |-
@@ Line 63: / Line 63: @@
   | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Coffee
   |-
-  | style="width:10%; background:#7B8ABD" | 09:00-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Michael Howard, Senior Security Program Manager, Microsoft and coauthor of Writing Secure Code, 2nd Ed., 19 Deadly Sins of Software Security, and the recently released Microsoft Security Development Lifecycle (SDL).
+  | style="width:10%; background:#7B8ABD" | 09:00-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Michael Howard, Senior Security Program Manager, Microsoft and coauthor of Writing Secure Code, 2nd Ed., 19 Deadly Sins of Software Security, and the recently released Microsoft Security Development Lifecycle (SDL). ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_SecurityEngineeringInVista.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 10:20-11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | OWASP 2.0 (continued) - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz, OWASP .Net Project Lead
@@ Line 70: / Line 70: @@
   |-
   | style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:40%; background:#BC857A" align="left" | Buffer Overflows on the .Net Framework, Dinis Cruz, OWASP .Net Project Lead
-  | style="width:40%; background:#BCA57A" align="left" | From Startup to IPO: Managing Security Risk in a Rapidly Growing Enterprise, Brian Chess, Chief Scientist, Fortify
+  | style="width:40%; background:#BCA57A" align="left" | From Startup to IPO: Managing Security Risk in a Rapidly Growing Enterprise, Brian Chess, Chief Scientist, Fortify ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_FromStartuptoIPO-Managing_Security_Risk.ppt ppt])
   |-
   | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch
   |-
   | style="width:10%; background:#7B8ABD" | 13:45-15:10 || style="width:40%; background:#BC857A" align="left" | Advanced Web Services Security and Hacking, Justin Derry, Application Security Practice Leader, b-sec Consulting Pty Ltd (Australia)
-  | style="width:40%; background:#BCA57A" align="left" | "Web Application Incident Response & Forensics: A Whole New Ball Game" and "OWASP Java Project Status", Chuck Willis, Sr. Consultant, Mandiant
+  | style="width:40%; background:#BCA57A" align="left" | "Web Application Incident Response & Forensics: A Whole New Ball Game" and "OWASP Java Project Status", Chuck Willis, Sr. Consultant, Mandiant ([http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_WebAppForensics.ppt ppt1], [http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_OWASP-Java-Project-Status.ppt ppt2])
   |-
   | style="width:10%; background:#7B8ABD" | 15:10-15:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break

← Older revision	Revision as of 21:19, 4 December 2007
(No difference)

@@ Line 81: / Line 81: @@
   | style="width:10%; background:#7B8ABD" | 15:30-16:30 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Panel: “What is in your application security toolbox?”
 Moderator: Gunnar Peterson, Managing Principal, Arctec Group<br/>
-Panelists: Dave Wichers, COO, Aspect Security; Brian Chess, Chief Scientist, Fortify; Alan Murphy, Product Management Engineer, F5; Danny Allan, Director, Security Research, Watchfire; James Whittaker, Security Engineer, Microsoft
+Panelists: Dave Wichers, COO, Aspect Security; Brian Chess, Chief Scientist, Fortify; Alan Murphy, Product Management Engineer, F5; Danny Allan, Director, Security Research, Watchfire; James Whittaker, Security Architect, Microsoft
   |-
   | style="width:10%; background:#7B8ABD" | 16:30-16:50 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break

@@ Line 51: / Line 51: @@
   |-
   | style="width:10%; background:#7B8ABD" | 16:50-18:00 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Panel: "The role of frameworks (e.g., .Net, Java, Enterprise Library, Struts, JaCorb) in 'forcing' developers to create and deploy 'secure' applications"
-Moderator: Dave Wichers, COO, Aspect Security and OWASP Conferences Chair
+Moderator: Dave Wichers, COO, Aspect Security and OWASP Conferences Chair<br/>
 Panelists: Dinis Cruz, OWASP .Net Project Lead; Charlie Kaufman, Microsoft Security Architect for the CLR; Brad Hill, iSEC Partners; Walter Pearce, IOActive; Dan Cornell, Principal, Denim Group
   |-
@@ Line 80: / Line 80: @@
   |-
   | style="width:10%; background:#7B8ABD" | 15:30-16:30 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Panel: “What is in your application security toolbox?”
-Moderator: Gunnar Peterson, Managing Principal, Arctec Group
+Moderator: Gunnar Peterson, Managing Principal, Arctec Group<br/>
 Panelists: Dave Wichers, COO, Aspect Security; Brian Chess, Chief Scientist, Fortify; Alan Murphy, Product Management Engineer, F5; Danny Allan, Director, Security Research, Watchfire; Michael Howard, Senior Security Program Manager, Microsoft
   |-