This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP AppSec DC 2010 Schedule"

From OWASP
Jump to: navigation, search
(Add new video releases)
 
(54 intermediate revisions by 8 users not shown)
Line 1: Line 1:
#REDIRECT [[:Category:OWASP AppSec DC 2010 Schedule]]
 
 
 
__NOTOC__  
 
__NOTOC__  
 
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]  
 
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]  
Line 6: Line 4:
 
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 
<br>
 
<br>
===[[OWASP AppSec DC 2010|Back to Conference Page]]===
+
<br>
 +
[[OWASP AppSec DC 2010|Main Conference Page]] | [[:Category:AppSec DC 2010 Presentations|Presentations Page]] | [[:Category:AppSec DC 2010 Training|Training Page]]
  
====Training 11/08====  
+
====Training 11/08====
 
{| cellspacing="0" border="2"
 
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="6" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 1 - Nov 10th 2009'''</font>
+
| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Training Day 1 - Nov 8th 2010'''</font>
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
+
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''154A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | <br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth, 7Safe Limited
 +
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]]<br>Robert Zakon
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
+
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="5" | Lunch
+
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="7" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Class<br>Instructor| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | <br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth, 7Safe Limited
<!-- Training Day 2 -->
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]]<br>Robert Zakon
 +
<!-- Training Day 1 -->
 
|}
 
|}
 
====Training 11/09====  
 
====Training 11/09====  
{| cellspacing="0" border="2"  
+
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="6" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 2 - Nov 11th 2009'''</font>
+
| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Training Day 2 - Nov 9th 2010'''</font>
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
+
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''154A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
 +
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''159B'''
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 2:<br>Class<br>Instructor| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:<br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
 +
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák, SEARCH-LAB
 +
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell, Denim Group
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Oliver Ng, Security Compass
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
+
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
+
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="7" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák, SEARCH-LAB
<!-- Training Day 2 -->
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell, Denim Group
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Oliver Ng, Security Compass
 +
<!-- Training Day 2 -->
 
|}
 
|}
====Talks 11/10====  
+
====Plenary Day 1 - 11/10====  
 
{| cellspacing="0" border="2"
 
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 1 - Nov 12th 2009'''</font>
+
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Plenary Day 1 - Nov 10th 2010'''</font>
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP (146A)'''
 
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools (146B)'''
 
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Web 2.0 (146C)'''
 
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''SDLC (152A)'''
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08:50  
+
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 +
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''
 +
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Defense (147A)'''
 +
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (145B)'''
 +
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (145A)'''
 +
|- valign="bottom
 +
| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:50  
 
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 08:50-09:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 08:50-09:00  
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: [[AppSecDC Keynote Jarzomnek|Joe Jarzombek]]<br>Video | [[Media: Keynote - Joe Jarzombek.pdf| Slides]]  
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]]<br>National Security Agency<br>[http://vimeo.com/groups/asdc10/videos/18820731 Video] | [[Media: OWASP-appsec2010-app_assurance-nziring-20101110.ppt | Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:30  
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP [[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | [[Media:OWASP-US09 all about owasp speech and summit outcome.pdf| Slides]]
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | OWASP Status Update<br>[[OWASP:About#Global_Board_Members| OWASP Board]]<br>[http://vimeo.com/groups/asdc10/videos/18821089 Video] | [http://www.owasp.org/images/0/0f/OWASPDC2010-v1.pdf Slides]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-10:45  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:30-10:45  
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]]
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Redspin30x120.png|link=http://www.redspin.com]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 10:45-11:30  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:30  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams <br><br> Video | [[Media: OWASP ESAPI-Jeff Williams.pptx| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br>[http://vimeo.com/groups/asdc10/videos/19346235 Video] | [[Media: Python_Basics_for_Web_App_Pentesters.zip|Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann <br><br> Video | [[Media: Clubbing WebApps with a Botnet - Gunter Ollmann.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | [[Media:OWASP_Dasient_11_10_10.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst<br><br> Video | [[Media: Understanding the Implications of Cloud Computing on Application Security-Dennis Hurst.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | [[Media:OWASP_-_Secure_Code_Review_Enterprise_Metrics.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey <br><br> Video | [[Media: Enterprise Application Security GEs approach to solving root cause-Darren Challey.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise]]<br>Joe Jarzombek & Tom Millar<br><br>[http://vimeo.com/groups/asdc10/videos/18802696 Video] | [[Media:SwA_SCRM_10Nov2010_jj.pdf|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:30-12:30
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:30-11:35
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
+
| width="72" valign="middle" bgcolor="#7b8abd" | 11:35-12:20
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra <br><br> Video | [[Media: Software Assurance Maturity Model (SAMM)-Pravir Chandra.ppt| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br>[http://vimeo.com/groups/asdc10/videos/19344945 Video] | [[Media: Domino_testing_presentation.ppt‎ | Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West <br><br> Video | [[Media: The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West.ppt | Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | [[Media: Protecting_Federal_Government_from_Web_2.0_Application_Security_Risks_-_Sarbari_Gupta_FINAL.ppt | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger<br><br> Video | [[Media: Transparent Proxy Abuse-Robert Auger.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br>[http://vimeo.com/groups/asdc10/videos/18820054 Video] | [[Media:Magic_Numbers_-_5_KPIs_for_Measuring_WebAppSec_Program_Success_v3.2.pdf | Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini<br><br> Video | [[Media: Software Development The Next Security Frontier-Jim Molini.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | [[Media:BoozAllen-AppSecDC2010-sw_scrm.pdf|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20  
+
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20  
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
+
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li <br><br> Video | [[Media: DISAs Application Security and Development STIG How OWASP Can Help You-Jason Li.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | [[Media:PenTestingWithIron.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett <br><br> Video | [[Media: OWASP ModSecurity Core Rule Set-Ryan Barnett.ppt| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | [[Media: Providing-Application-level-Assurance-through-DNSSEC-final.ppt | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe <br><br> Video | [[Media: Development Issues Within AJAX Apps-Lars Ewe.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[H.....t.....t....p.......p....o....s....t]]<br>Onn Chee & Tom Brennan <br><br>[http://vimeo.com/groups/asdc10/videos/18818757 Video] | [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf Slides]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[SDLC Panel AppSecDC|Secure SDLC Panel: Real answers from real experience]]<br><i>Panelists:</i><br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>Keith Turpin<br>&nbsp;<br><i>Moderator:</i><br>Pravir Chandra<br><br> Video | [[Media: SDLC Panel.ppt| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br><br><br>Making Security Measurable<br>[http://vimeo.com/groups/asdc10/videos/19618464 Video] | [[Media:Making_Security_Measurable_-_CWE_-_OWASP_AppSec_DC_2010_(Barnum).pdf|Slides]]<br><br><br>Understanding How They Attack Your Weaknesses<br>[http://vimeo.com/groups/asdc10/videos/19629525 Video] | [[Media:Understanding_How_They_Attack_Your_Weaknesses-CAPEC_-_OWASP_AppSec_DC_2010_(Barnum).pdf|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10  
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10  
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="1" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55  
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates <br><br> Video | [[Media: Defend Yourself-Integrating Real Time Defenses into Online Applications-Michael Coates.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br>[http://vimeo.com/groups/asdc10/videos/19357262 Video] | [[Media: Hacking_Oracle_From_Web_Apps_2.0.pptx|Slides]]
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber <br><br> Video | [[Media: Finding the Hotspots Web-security testing with the Watcher tool-Chris Weber.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br>[http://vimeo.com/groups/asdc10/videos/19355417 Video] | [[Media:Guardrails_owasp_final.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson<br><br> [http://www.vimeo.com/9037895 Video] | [[Media: Social Zombies-Kevin Johnson Tom Eston.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Framed! Security-patching Common Web Development Frameworks]] - Panel<br><br>[http://vimeo.com/groups/asdc10/videos/18808494 Video]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 2:55-3:10  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10  
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]]
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:SecureIdeas_30X65.png|link=http://www.secureideas.net]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:10-3:55  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:10-3:55  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi <br><br> Video | [[Media: The ESAPI Web Application Firewall-Arshan Dabirsiaghi.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Chris Gates<br><br>[http://vimeo.com/groups/asdc10/videos/19104630 Video] | [[Media: WXf_ASDC_Presentation.odp.zip | Slides]]
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna <br><br> Video | [[Media: One Click Ownage-Ferruh Mavituna.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br>[http://vimeo.com/groups/asdc10/videos/19104928 Video] | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey<br><br> [http://www.vimeo.com/8980691 Video] | [[Media: Cloudy with a chance of 0 day - Jon Rose-Tom Leavey.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> [http://vimeo.com/groups/asdc10/videos/19629938 Video] | [[Media: Andrew_Weidenhamer_AppSecDC_Presentation.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk <br><br> Video | [[Media: The essential role of IR in software development-Kenneth van Wyk.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> [http://vimeo.com/groups/asdc10/videos/19914698 Video] | [[Media:20101110_-_Ensuring_Software_Assurance_Process_Maturity_-_Final.pptx|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura <br><br> Video | [[Media: Web Application Security Scanner Evaluation Criteria - Brian Shura.ppt | Slides]]
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
 
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:00-4:45
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | [[Pen-Test Panel]]<br> [http://vimeo.com/groups/asdc10/videos/19908268 Video]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | [[Media:OWASP_Bot_res_enc.pptx|Slides]]
 +
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>[http://vimeo.com/groups/asdc10/videos/19331937 Video] | [[Media:Chuck_Willis_OWASPBWA_for_OWASP_AppSecDC_2010-11-10.pdf|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br>[http://vimeo.com/groups/asdc10/videos/19105480 Video] | [[Media: OWASP_DC_2010_Moss_fin.pptx|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:00-4:45
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | [[Media: Smashing_WebGoat_-_AppSecDC_Presentation.odp.zip|Slides]]
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey <br><br> Video | [[Media: OWASP Live CD An open environment for Web Application Security-Matt Tesauro Brad Causey.ppt| Slides]]
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis<br><br> Video | [[Media: Learning by Breaking A New Project Insecure Web Apps-Chuck Willis.ppt| Slides]] 
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield<br><br> Video | [[Media: Attacking WCF Web Services-Brian Holyfield.pdf| Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell <br><br> Video | [[Media: Vulnerability Management in an Application Security World-Dan Cornell.pdf| Slides]]  
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br>
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
Josh Abraham <br><br> Video | [[Media: Synergy A world where tools communicate-Josh Abraham.pptx| Slides]]
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners]]<br>David Shelly, Randy Marchany & Joseph Tront<br><br>[http://vimeo.com/groups/asdc10/videos/18984178 Video] | [[Media:Closing_the_Gap_AppSecDC_Shelly.ppt|Slides]]
 +
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:50-5:55
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>[http://vimeo.com/groups/asdc10/videos/19337407 Video] | [[Media:AppSecDC_2010-WHID_Report-Ryan_Barnett.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner <br><br> Video | [[Media: The Entrepreneurs Guide to Career Management-Lee Kushner.pdf| Slides]]
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates <br><br> Video | [[Media: Advanced SSL The good the bad and the ugly-Michael Coates.pdf| Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX Flash and Highly Interactive Technologies]]<br>Rafal Los<br><br> Video | [[Media: When Web 2.0 Attacks - Understanding Security Implications of Highly Interactive Technologies-Rafal Los.pdf| Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven <br><br> Video | [[Media: none.pdf| Slides]]  
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco<br><br> Video | [[Media: User input piercing for Cross Site Scripting Attacks-Matias Blanco.pdf| Slides]]
+
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30
|- valign="bottom"
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails sponsored by [[Image:Trustwave50x250.png|link=https://www.trustwave.com/‎‎]]
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-8:00
+
<!-- Day 1 -->
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (151)<br>Sponsored by [[Image:AppSecDC2009-Sponsor-cenzic.gif|link=http://www.cenzic.com/]]<!-- Day 2 -->
 
 
|}
 
|}
====Talks 11/11====  
+
====Plenary Day 2 - 11/11====  
 
{| cellspacing="0" border="2"
 
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 2 - Nov 13th 2009'''</font>
+
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Plenary Day 2 - Nov 11th 2010'''</font>
 +
|- valign="bottom"
 +
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 +
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''
 +
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (147A)'''
 +
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''OWASP (145B)'''
 +
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (145A)'''
 +
|- valign="bottom"
 +
| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:55
 +
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
+
| width="72" valign="middle" bgcolor="#7b8abd" | 08:55-09:00
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Process (146A)'''
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Day 2 Opening Remarks
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Attack &amp; Defend (146B)'''
 
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (146C)'''
 
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (152A)'''
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 8:00-9:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration & Coffee sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]]<br>National Institute of Standards and Technology<br>[http://vimeo.com/groups/asdc10/videos/18826138 Video] | [[Media: OWASP-11-11-2010-Ross.pptx|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher <br><br> Video | [[Media: none.pdf| Slides]]
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Trustwave30x150.png|link=https://www.trustwave.com/‎‎]]  
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja <br><br> Video | [[Media: Securing the Core JEE Patterns-Rohit Sethi Krishna Raja.pdf| Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett <br><br> [http://www.vimeo.com/8998992 Video] | [[Media: Web Hacking Incidents Database-Ryan Barnett.pdf | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Amichai Shulman<br><br> [http://www.vimeo.com/9037171 Video] | [[Media: Business Logic Automatons - Friend or Foe - Amichai Shulman.pptx| Slides]]  
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> [http://vimeo.com/groups/asdc10/videos/19891280 Video] | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | [[Media:OWASP_Cloudy_with_a_chance_of_hack_Nov_2010.pdf|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Don't Judge a Website by its Icon - Read the Label!|Don’t Judge a Website by its Icon – Read the Label!]]<br>Jeff Williams<br><br>Video | [[Media:2010-11_OWASP_Software_Labels.pptx|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br>[http://vimeo.com/groups/asdc10/videos/18980995 Video] | [[Media: ApplicationPortfolioRiskRanking_BanishingFUDWithStructureAndNumbers_Content.pdf|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe <br><br> Video | [[Media: Scalable Application Assessments in the Enterprise-Tom Parker Lars Ewe.pdf| Slides]]
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] 
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> [http://www.vimeo.com/9007894 Video] | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis <br><br> Video | [[Media: SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt| Slides]]
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40
+
| width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> [http://vimeo.com/groups/asdc10/videos/19912816 Video] | [[Media: OWASP_AppSec_DC_2010_-_Deconstructing_ColdFusion.pdf|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Brandon Sterne<br><br> [http://vimeo.com/groups/asdc10/videos/18984410 Video] | [[Media: Mozilla_OWASP_AppSec_2010_DC.pdf‎|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br>[http://vimeo.com/groups/asdc10/videos/19105173 Video] | [[Media: Secure_Coding_Practices_Quick_Ref_4.ppt|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | [[Media:CodeReviewStrategies.pptx|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen <br><br> Video | [[Media: none.pdf| Slides]]
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber<br><br> Video | [[Media: Unicode Transformations Finding Elusive Vulnerabilities-Chris Weber.pdf| Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release Candidate<br>Dave Wichers <br><br> [http://www.vimeo.com/9006276 Video] | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin<br><br> Video | [[Media: Secure SDLC The Good The Bad The Ugly-Joey Peloquin.ppt| Slides]]
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:25-12:30
+
| width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br>[http://vimeo.com/groups/asdc10/videos/18810353 Video] | [[Media: Friendly_Traitor_2.pdf|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | [[Media:Exploiting_Media_For_Fun_and_Profit.ppt|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | [[Media: AppSecDC_Open_Source_Web_Entry_Server_V2.2.ppt|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br>[http://vimeo.com/groups/asdc10/videos/19105707 Video] | [[Media:OWASP_AppSec_DC_2010_-_Microsoft_SDL-Agile_Presentation_-_Nick_Coblentz_2010-11-11.pdf|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
+
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott<br><br> Video | [[Media: Cory Scott - Improving AppSec after an incident.ppt| Slides]] 
+
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen <br><br> Video | [[Media: The 10 least-likely and most dangerous people on the Internet - Robert Hansen.pdf| Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan <br><br> Video | [http://www.owasp.org/images/0/06/WPstats_fall09_8th.pdf Slides]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]] <br><br> Video
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>Jon McCoy<br><br>[http://vimeo.com/groups/asdc10/videos/18984620 Video] | [[Media: AppSecDC_-_Attacking_.NET_Applications_at_Runtime.ppt|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br>[http://vimeo.com/groups/asdc10/videos/18820461 Video] | [[Media: Life_In_the_Clouds.Smith.AppSecDC2010.pdf|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | [[Media:ESAPI-2010-AppSecDC.pptx|Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Financial Services Panel]]
 +
|- valign="bottom"
 +
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo <br><br> Video | [http://www.owasp.org/images/7/72/US09-OWASP-Deploying-Apps_Seba_-_Fabio.ppt Slides]  
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br>[http://vimeo.com/groups/asdc10/videos/19051012 Video] | [[Media:JavaSnoop_-_OWASP_AppSec_DC_2010.pptx|Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson <br><br> Video | [[Media: Automated vs Manual Security You can't filter The Stupid-David Byrne Charles Henderson.pdf| Slides]]
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br>[http://vimeo.com/groups/asdc10/videos/18827316 Video] | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> [http://www.vimeo.com/8989378 Video] | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> [http://vimeo.com/groups/asdc10/videos/19631724 Video] | [[Media:AppSecDC-colin-watson-appsensor.ppt|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20
+
| width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Coffee break sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC-2010-Syngress75x30.gif‎‎|link=http://www.syngress.com/]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 3:30-4:15
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]]<br>Dinis Cruz<br><br> Video | [http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf Slides]  
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | [[Media: Attacking_Google_Web_Toolkit.ppt | Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | [[Media: SmartPhonesDumbApps_OWASPDC_20101111_Content.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord <br><br> Video | [[Media: The OWASP Security Spending Benchmarks Project - Dr Boaz Gelbord.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | [[Media:AppSecDC_2010-ModSecurityCRS_Ryan_Barnett.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta<br><br> Video | [[Media: Promoting Application Security within Federal Government-Sarbari Gupta.ppt| Slides]]
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 3:05-3:10
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:15-4:20
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney <br><br> Video | [[Media: Custom Intrusion Detection Techniques for Monitoring Web Applications-Matthew Olney.pdf| Slides]]
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> [http://vimeo.com/groups/asdc10/videos/19632487 Video] | Slides
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch <br><br> Video | [[Media: Manipulating Web App Interfaces - Felipe Moreno.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | [[Media: Threats_from_Economical_Improvement_OWASP_AppSec_2010_LR.key.zip | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam <br><br> Video | [[Media: SANS Dshield Webhoneypot-Jason Lam.pdf| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | [[Media:Esapi_swingset_talk_dc.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy<br><br> Video | [[Media: Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt| Slides]]  
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> [http://vimeo.com/groups/asdc10/videos/19908922 Video] | [[Media: Carrot-stick-consequences-AppSecDC-2010.key.zip|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
+
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks/Prizes<br>The OWASP AppSec DC Team<!-- Day 2 -->
|- valign="bottom"
 
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15
 
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson<br> Video | [[Media: ClosingRemarks.pptx| Slides]]
 
 
|}
 
|}
 
<headertabs />
 
<headertabs />
  
===[[OWASP AppSec DC 2010|Back to Conference Page]]===
+
[[OWASP AppSec DC 2010|Main Conference Page]] | [[:Category:AppSec DC 2010 Presentations|Presentations Page]] | [[:Category:AppSec DC 2010 Training|Training Page]]
 
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_09]]
 
 
 
  
[[Category:OWASP_AppSec_DC_2010]]
+
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_2010]]

Latest revision as of 14:21, 4 March 2011

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

Main Conference Page | Presentations Page | Training Page

Training 11/08

Training Day 1 - Nov 8th 2010
  149A 149B 154A 155 154B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		The Art of Exploiting SQL Injections
Sumit Siddharth, 7Safe Limited 		WebAppSec.php: Developing Secure Web Applications
Robert Zakon
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		The Art of Exploiting SQL Injections
Sumit Siddharth, 7Safe Limited 		WebAppSec.php: Developing Secure Web Applications
Robert Zakon

Training 11/09

Training Day 2 - Nov 9th 2010
  149A 149B 154A 155 154B 159B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		Java Security Overview
Zoltán Hornák, SEARCH-LAB 		Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell, Denim Group 		Threat Modeling Express
Rohit Sethi & Oliver Ng, Security Compass
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		Java Security Overview
Zoltán Hornák, SEARCH-LAB 		Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell, Denim Group 		Threat Modeling Express
Rohit Sethi & Oliver Ng, Security Compass

Plenary Day 1 - 11/10

Plenary Day 1 - Nov 10th 2010
  Offense (147B) Defense (147A) Metrics (145B) Government (145A)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Neal Ziring
National Security Agency
Video | Slides
10:00-10:30 OWASP Status Update
OWASP Board
Video | Slides
10:30-10:45 Coffee Break sponsored by Redspin30x120.png
10:45-11:30 Python Basics for Web App Pentesters
Justin Searle

Video | Slides 		Drive By Downloads: How To Avoid Getting A Cap Popped In Your App
Neil Daswani

Video | Slides 		Secure Code Review: Enterprise Metrics
Richard Tychansky

Video | Slides 		Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise
Joe Jarzombek & Tom Millar

Video | Slides
11:30-11:35 Break
11:35-12:20 White and Black box testing of Lotus Domino Applications
Ari Elias-bachrach and Casey Pike

Video | Slides 		Protecting Federal Government from Web 2.0 Application Security Risks
Sarbari Gupta

Video | Slides 		Measuring Security: 5 KPIs for Successful Web App Security Programs
Rafal Los

Video | Slides 		Security Risk and the Software Supply Chain
Karen Goertzel

Video | Slides
12:20-1:20 Lunch
1:20-2:05 Pen Testing with Iron
Andrew Wilson

Video | Slides 		Providing application-level assurance through DNSSEC
Suresh Krishnaswamy, Wes Hardaker and Russ Mundy

Video | Slides 		H.....t.....t....p.......p....o....s....t
Onn Chee & Tom Brennan

Video | Slides 		Understanding How They Attack Your Weaknesses: CAPEC
Sean Barnum



Making Security Measurable
Video | Slides


Understanding How They Attack Your Weaknesses
Video | Slides
2:05-2:10 Break Break
2:10-2:55 Hacking Oracle From Web Apps
Sumit Siddharth

Video | Slides 		GuardRails: A (Nearly) Painless Solution to Insecure Web Applications
Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri

Video | Slides 		Framed! Security-patching Common Web Development Frameworks - Panel

Video
2:55-3:10 Coffee Break sponsored by SecureIdeas 30X65.png
3:10-3:55 wXf: Web Exploitation Framework
Ken Johnson and Chris Gates

Video | Slides 		The Strengths of Combining Code Review with Application Penetration Testing
Dave Wichers

Video | Slides 		Dealing with Web Application Security, Regulation Style
Andrew Weidenhamer

Video | Slides 		Ensuring Software Assurance Process Maturity
Edmund Wotring

Video | Slides
3:55-4:00 Break
4:00-4:45 Pen-Test Panel
Video 		Botnet Resistant Coding: Protecting Your Users from Script Kiddies
Fabian Rothschild and Peter Greko

Video | Slides 		OWASP Broken Web Applications Project Update
Chuck Willis
Video | Slides 		People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group
Michele Moss

Video | Slides
Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation
Joshua Windsor and Joshua Pauli
Video | Slides
4:45-4:50 Break
4:50-5:35 Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners
David Shelly, Randy Marchany & Joseph Tront

Video | Slides 		Using Misuse Cases to Articulate Vulnerabilities to Stakeholders
Scott Mendenhall
Video | Slides 		Federal Perspectives on Application Security - Panel
The Web Hacking Incident Database (WHID) Report
Ryan Barnett
Video | Slides
5:30-7:30 Cocktails sponsored by Trustwave50x250.png

Plenary Day 2 - 11/11

Plenary Day 2 - Nov 11th 2010
  Offense (147B) New Frontiers (147A) OWASP (145B) Process (145A)
07:30-08:55 Registration
08:55-09:00 Day 2 Opening Remarks
09:00-10:00 Keynote: Ron Ross
National Institute of Standards and Technology
Video | Slides
10:00-10:15 Coffee Break sponsored by Trustwave30x150.png
10:15-11:00 Hacking SAP BusinessObjects
Joshua Abraham and Will Vandevanter

Video | Slides 		Cloudy with a chance of hack!
Lars Ewe

Video | Slides 		Don’t Judge a Website by its Icon – Read the Label!
Jeff Williams

Video | Slides 		Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Dan Cornell

Video | Slides
11:00-11:05 Break
11:05-11:50 Deconstructing ColdFusion
Chris Eng and Brandon Creighton

Video | Slides 		Declarative Web Security
Brandon Sterne

Video | Slides 		The Secure Coding Practices Quick Reference Guide
Keith Turpin

Video | Slides 		Code Reviewing Strategies
Andrew Wilson and John Hoopes

Video | Slides
11:50-11:55 Break
11:55-12:40 Friendly Traitor 2 Features are hot but giving up our secrets is not!
Kevin Johnson and Mike Poor

Video | Slides 		Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files
Aleksandr Yampolskiy

Video | Slides 		Open Source Web Entry Firewall
Ivan Buetler

Video | Slides 		Microsoft's Security Development Lifecycle for Agile Development
Nick Coblentz

Video | Slides
12:40-1:40 Lunch
1:40-2:25 Hacking .NET Applications at Runtime: A Dynamic Attack
Jon McCoy

Video | Slides 		Life in the Clouds: a Service Provider's View
Michael Smith

Video | Slides 		Solving Real World Problems with ESAPI
Chris Schmidt

Video | Slides 		Financial Services Panel
2:25-2:30 Break
2:30-3:15 JavaSnoop: How to hack anything written in Java
Arshan Dabirsiaghi

Video | Slides 		Social Zombies Gone Wild: Totally Exposed and Uncensored
Kevin Johnson and Tom Eston

Video | Slides 		Attack Detection and Prevention with OWASP AppSensor
Colin Watson

Video | Slides
3:15-3:30 Coffee Break sponsored by AppSecDC-2010-Syngress75x30.gif
3:30-4:15 Unlocking the Toolkit: Attacking Google Web Toolkit
Ron Gutierrez

Video | Slides 		Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications
Dan Cornell

Video | Slides 		OWASP ModSecurity Core Rule Set
Ryan Barnett

Video | Slides 		Implementing a Secure Software Development Program
Darren Death

Video | Slides
4:15-4:20 Break
4:20-5:05 Constricting the Web: Offensive Python for Web Hackers
Marcin Wielgoszewski and Nathan Hamiel

Video | Slides 		Threats from Economical Improvement
Eduardo Neves

Video | Slides 		OWASP ESAPI SwingSet
Fabio Cerullo

Video | Slides 		The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform
Benjamin Tomhave

Video | Slides
5:05-5:30 Closing Remarks/Prizes
The OWASP AppSec DC Team

Main Conference Page | Presentations Page | Training Page

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2010_Schedule&oldid=106236"