Difference between revisions of "OWASP AppSec DC 2010 Schedule"

Latest revision as of 14:21, 4 March 2011

Registration | Hotel | Walter E. Washington Convention Center

Main Conference Page | Presentations Page | Training Page

Training 11/08

Training Day 1 - Nov 8th 2010
	149A	149B	154A	155	154B
09:00-12:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle, InGuardians	Day 1: Leading an AppSec Initiative Jeff Williams, Aspect Security	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades, Maven Security	The Art of Exploiting SQL Injections Sumit Siddharth, 7Safe Limited	WebAppSec.php: Developing Secure Web Applications Robert Zakon
12:00-13:00	Lunch
13:00-17:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle, InGuardians	Day 1: Leading an AppSec Initiative Jeff Williams, Aspect Security	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades, Maven Security	The Art of Exploiting SQL Injections Sumit Siddharth, 7Safe Limited	WebAppSec.php: Developing Secure Web Applications Robert Zakon

Training 11/09

Training Day 2 - Nov 9th 2010
	149A	149B	154A	155	154B	159B
09:00-12:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle, InGuardians	Day 1: Leading an AppSec Initiative Jeff Williams, Aspect Security	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades, Maven Security	Java Security Overview Zoltán Hornák, SEARCH-LAB	Software Security Remediation: How to Fix Application Vulnerabilities Dan Cornell, Denim Group	Threat Modeling Express Rohit Sethi & Oliver Ng, Security Compass
12:00-13:00	Lunch
13:00-17:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle, InGuardians	Day 1: Leading an AppSec Initiative Jeff Williams, Aspect Security	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades, Maven Security	Java Security Overview Zoltán Hornák, SEARCH-LAB	Software Security Remediation: How to Fix Application Vulnerabilities Dan Cornell, Denim Group	Threat Modeling Express Rohit Sethi & Oliver Ng, Security Compass

Plenary Day 1 - 11/10

Plenary Day 1 - Nov 10th 2010
	Offense (147B)	Defense (147A)	Metrics (145B)	Government (145A)
07:30-08:50	Registration
08:50-09:00	Welcome and Opening Remarks
09:00-10:00	Keynote: Neal Ziring National Security Agency Video \| Slides
10:00-10:30	OWASP Status Update OWASP Board Video \| Slides
10:30-10:45	Coffee Break sponsored by
10:45-11:30	Python Basics for Web App Pentesters Justin Searle Video \| Slides	Drive By Downloads: How To Avoid Getting A Cap Popped In Your App Neil Daswani Video \| Slides	Secure Code Review: Enterprise Metrics Richard Tychansky Video \| Slides	Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise Joe Jarzombek & Tom Millar Video \| Slides
11:30-11:35	Break
11:35-12:20	White and Black box testing of Lotus Domino Applications Ari Elias-bachrach and Casey Pike Video \| Slides	Protecting Federal Government from Web 2.0 Application Security Risks Sarbari Gupta Video \| Slides	Measuring Security: 5 KPIs for Successful Web App Security Programs Rafal Los Video \| Slides	Security Risk and the Software Supply Chain Karen Goertzel Video \| Slides
12:20-1:20	Lunch
1:20-2:05	Pen Testing with Iron Andrew Wilson Video \| Slides	Providing application-level assurance through DNSSEC Suresh Krishnaswamy, Wes Hardaker and Russ Mundy Video \| Slides	H.....t.....t....p.......p....o....s....t Onn Chee & Tom Brennan Video \| Slides	Understanding How They Attack Your Weaknesses: CAPEC Sean Barnum Making Security Measurable Video \| Slides Understanding How They Attack Your Weaknesses Video \| Slides
2:05-2:10	Break		Break
2:10-2:55	Hacking Oracle From Web Apps Sumit Siddharth Video \| Slides	GuardRails: A (Nearly) Painless Solution to Insecure Web Applications Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri Video \| Slides	Framed! Security-patching Common Web Development Frameworks - Panel Video
2:55-3:10	Coffee Break sponsored by
3:10-3:55	wXf: Web Exploitation Framework Ken Johnson and Chris Gates Video \| Slides	The Strengths of Combining Code Review with Application Penetration Testing Dave Wichers Video \| Slides	Dealing with Web Application Security, Regulation Style Andrew Weidenhamer Video \| Slides	Ensuring Software Assurance Process Maturity Edmund Wotring Video \| Slides
3:55-4:00	Break
4:00-4:45	Pen-Test Panel Video	Botnet Resistant Coding: Protecting Your Users from Script Kiddies Fabian Rothschild and Peter Greko Video \| Slides	OWASP Broken Web Applications Project Update Chuck Willis Video \| Slides	People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group Michele Moss Video \| Slides
			Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation Joshua Windsor and Joshua Pauli Video \| Slides
4:45-4:50		Break
4:50-5:35		Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly, Randy Marchany & Joseph Tront Video \| Slides	Using Misuse Cases to Articulate Vulnerabilities to Stakeholders Scott Mendenhall Video \| Slides	Federal Perspectives on Application Security - Panel
			The Web Hacking Incident Database (WHID) Report Ryan Barnett Video \| Slides
5:30-7:30	Cocktails sponsored by

Plenary Day 2 - 11/11

Plenary Day 2 - Nov 11th 2010
	Offense (147B)	New Frontiers (147A)	OWASP (145B)	Process (145A)
07:30-08:55	Registration
08:55-09:00	Day 2 Opening Remarks
09:00-10:00	Keynote: Ron Ross National Institute of Standards and Technology Video \| Slides
10:00-10:15	Coffee Break sponsored by
10:15-11:00	Hacking SAP BusinessObjects Joshua Abraham and Will Vandevanter Video \| Slides	Cloudy with a chance of hack! Lars Ewe Video \| Slides	Don’t Judge a Website by its Icon – Read the Label! Jeff Williams Video \| Slides	Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers Dan Cornell Video \| Slides
11:00-11:05	Break
11:05-11:50	Deconstructing ColdFusion Chris Eng and Brandon Creighton Video \| Slides	Declarative Web Security Brandon Sterne Video \| Slides	The Secure Coding Practices Quick Reference Guide Keith Turpin Video \| Slides	Code Reviewing Strategies Andrew Wilson and John Hoopes Video \| Slides
11:50-11:55	Break
11:55-12:40	Friendly Traitor 2 Features are hot but giving up our secrets is not! Kevin Johnson and Mike Poor Video \| Slides	Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files Aleksandr Yampolskiy Video \| Slides	Open Source Web Entry Firewall Ivan Buetler Video \| Slides	Microsoft's Security Development Lifecycle for Agile Development Nick Coblentz Video \| Slides
12:40-1:40	Lunch
1:40-2:25	Hacking .NET Applications at Runtime: A Dynamic Attack Jon McCoy Video \| Slides	Life in the Clouds: a Service Provider's View Michael Smith Video \| Slides	Solving Real World Problems with ESAPI Chris Schmidt Video \| Slides	Financial Services Panel
2:25-2:30	Break
2:30-3:15	JavaSnoop: How to hack anything written in Java Arshan Dabirsiaghi Video \| Slides	Social Zombies Gone Wild: Totally Exposed and Uncensored Kevin Johnson and Tom Eston Video \| Slides	Attack Detection and Prevention with OWASP AppSensor Colin Watson Video \| Slides
3:15-3:30	Coffee Break sponsored by
3:30-4:15	Unlocking the Toolkit: Attacking Google Web Toolkit Ron Gutierrez Video \| Slides	Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications Dan Cornell Video \| Slides	OWASP ModSecurity Core Rule Set Ryan Barnett Video \| Slides	Implementing a Secure Software Development Program Darren Death Video \| Slides
4:15-4:20	Break
4:20-5:05	Constricting the Web: Offensive Python for Web Hackers Marcin Wielgoszewski and Nathan Hamiel Video \| Slides	Threats from Economical Improvement Eduardo Neves Video \| Slides	OWASP ESAPI SwingSet Fabio Cerullo Video \| Slides	The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform Benjamin Tomhave Video \| Slides
5:05-5:30	Closing Remarks/Prizes The OWASP AppSec DC Team

Main Conference Page | Presentations Page | Training Page

Difference between revisions of "OWASP AppSec DC 2010 Schedule"

Latest revision as of 14:21, 4 March 2011

Training 11/08

Training 11/09

Plenary Day 1 - 11/10

Plenary Day 2 - 11/11

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 10: / Line 10: @@
 {| cellspacing="0" border="2"
 |- valign="middle"
-| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Traning Day 1 - Nov 8th 2010'''</font>
+| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Training Day 1 - Nov 8th 2010'''</font>
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 | width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''
 | width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''
-| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''145A'''
+| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''154A'''
 | width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
 | width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
-| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''159A'''
-| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''159B'''
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
+| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
+| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
-| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
+| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
-| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
+| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth, 7Safe Limited
 | width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]]<br>Robert Zakon
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Practical Web Security Overview]]<br>Zoltán Hornák
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00
@@ Line 34: / Line 30: @@
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
+| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
+| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
-| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
+| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
-| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
+| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth, 7Safe Limited
 | width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]]<br>Robert Zakon
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Practical Web Security Overview]]<br>Zoltán Hornák
 <!-- Training Day 1 -->
 |}
@@ Line 46: / Line 40: @@
 {| cellspacing="0" border="2"
 |- valign="middle"
-| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Traning Day 1 - Nov 8th 2010'''</font>
+| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Training Day 2 - Nov 9th 2010'''</font>
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 | width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''
 | width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''
-| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''145A'''
+| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''154A'''
 | width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
 | width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
-| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''159A'''
+| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''159B'''
-| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''159B'''
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
+| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
+| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
-| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
+| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
-| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
+| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák, SEARCH-LAB
-| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell
+| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell, Denim Group
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Krishna Raja
+| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Oliver Ng, Security Compass
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00
@@ Line 70: / Line 62: @@
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
+| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]<br>Justin Searle, InGuardians
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
+| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading an AppSec Initiative ]]<br>Jeff Williams, Aspect Security
-| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
+| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades, Maven Security
-| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
+| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák, SEARCH-LAB
-| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell
+| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell, Denim Group
-| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Krishna Raja
+| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Oliver Ng, Security Compass
-| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák
 <!-- Training Day 2 -->
 |}
@@ Line 85: / Line 76: @@
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
-| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''
-| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Defense (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Defense (147A)'''
-| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''OWASP (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (145B)'''
-| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (145A)'''
-|- valign="bottom"
+|- valign="bottom
 | width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:50
 | valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
@@ Line 97: / Line 88: @@
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]]<br>National Secuirty Agency<br>Video | Slides
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]]<br>National Security Agency<br>[http://vimeo.com/groups/asdc10/videos/18820731 Video] | [[Media: OWASP-appsec2010-app_assurance-nziring-20101110.ppt | Slides]]
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:30
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP<br>[[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | Slides
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | OWASP Status Update<br>[[OWASP:About#Global_Board_Members| OWASP Board]]<br>[http://vimeo.com/groups/asdc10/videos/18821089 Video] | [http://www.owasp.org/images/0/0f/OWASPDC2010-v1.pdf Slides]
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 10:30-10:45
-| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Redspin30x120.png|link=http://www.redspin.com]]
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:35
+| width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:30
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br>[http://vimeo.com/groups/asdc10/videos/19346235 Video] | [[Media: Python_Basics_for_Web_App_Pentesters.zip|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | [[Media:OWASP_Dasient_11_10_10.pdf|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dont Judge a Website by its GUI Read the Label!|Don’t Judge a Website by its GUI – Read the Label!]]<br>Jeff Williams<br><br>Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | [[Media:OWASP_-_Secure_Code_Review_Enterprise_Metrics.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise]]<br>Joe Jarzombek & Tom Millar<br><br>[http://vimeo.com/groups/asdc10/videos/18802696 Video] | [[Media:SwA_SCRM_10Nov2010_jj.pdf|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:35-11:45
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:30-11:35
 | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 11:45-12:35
+| width="72" valign="middle" bgcolor="#7b8abd" | 11:35-12:20
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br>[http://vimeo.com/groups/asdc10/videos/19344945 Video] | [[Media: Domino_testing_presentation.ppt‎ | Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | [[Media: Protecting_Federal_Government_from_Web_2.0_Application_Security_Risks_-_Sarbari_Gupta_FINAL.ppt | Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br>[http://vimeo.com/groups/asdc10/videos/18820054 Video] | [[Media:Magic_Numbers_-_5_KPIs_for_Measuring_WebAppSec_Program_Success_v3.2.pdf | Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | [[Media:BoozAllen-AppSecDC2010-sw_scrm.pdf|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:35-1:35
+| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20
 | valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:35-2:25
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | [[Media:PenTestingWithIron.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | [[Media: Providing-Application-level-Assurance-through-DNSSEC-final.ppt | Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[H.....t.....t....p.......p....o....s....t]]<br>Onn Chee & Tom Brennan <br><br>[http://vimeo.com/groups/asdc10/videos/18818757 Video] | [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf Slides]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br><br><br>Making Security Measurable<br>[http://vimeo.com/groups/asdc10/videos/19618464 Video] | [[Media:Making_Security_Measurable_-_CWE_-_OWASP_AppSec_DC_2010_(Barnum).pdf|Slides]]<br><br><br>Understanding How They Attack Your Weaknesses<br>[http://vimeo.com/groups/asdc10/videos/19629525 Video] | [[Media:Understanding_How_They_Attack_Your_Weaknesses-CAPEC_-_OWASP_AppSec_DC_2010_(Barnum).pdf|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:35
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
+| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
+| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="1" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:35-3:25
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br>[http://vimeo.com/groups/asdc10/videos/19357262 Video] | [[Media: Hacking_Oracle_From_Web_Apps_2.0.pptx|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br>[http://vimeo.com/groups/asdc10/videos/19355417 Video] | [[Media:Guardrails_owasp_final.pdf|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Framed! Security-patching Common Web Development Frameworks]] - Panel<br><br>[http://vimeo.com/groups/asdc10/videos/18808494 Video]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 3:25-3:40
+| width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10
-| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:SecureIdeas_30X65.png|link=http://www.secureideas.net]]
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:40-4:30
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:10-3:55
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Seth Law<br><br> Video | Slides]
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Chris Gates<br><br>[http://vimeo.com/groups/asdc10/videos/19104630 Video] | [[Media: WXf_ASDC_Presentation.odp.zip | Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br>[http://vimeo.com/groups/asdc10/videos/19104928 Video] | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> [http://vimeo.com/groups/asdc10/videos/19629938 Video] | [[Media: Andrew_Weidenhamer_AppSecDC_Presentation.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> [http://vimeo.com/groups/asdc10/videos/19914698 Video] | [[Media:20101110_-_Ensuring_Software_Assurance_Process_Maturity_-_Final.pptx|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:30-4:40
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
 | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 4:40-5:30
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:00-4:45
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="3" | Pen-Test Panel <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | [[Pen-Test Panel]]<br> [http://vimeo.com/groups/asdc10/videos/19908268 Video]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | [[Media:OWASP_Bot_res_enc.pptx|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> Video|Slides
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>[http://vimeo.com/groups/asdc10/videos/19331937 Video] | [[Media:Chuck_Willis_OWASPBWA_for_OWASP_AppSecDC_2010-11-10.pdf|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br>[http://vimeo.com/groups/asdc10/videos/19105480 Video] | [[Media: OWASP_DC_2010_Moss_fin.pptx|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:30-5:40
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | [[Media: Smashing_WebGoat_-_AppSecDC_Presentation.odp.zip|Slides]]
+|- valign="bottom"
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
 | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 5:40-6:30
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners]]<br>David Shelly, Randy Marchany & Joseph Tront<br><br>[http://vimeo.com/groups/asdc10/videos/18984178 Video] | [[Media:Closing_the_Gap_AppSecDC_Shelly.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | Slides
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel
 |- valign="bottom"
-| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:30-8:30
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>[http://vimeo.com/groups/asdc10/videos/19337407 Video] | [[Media:AppSecDC_2010-WHID_Report-Ryan_Barnett.ppt|Slides]]
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (TBD)
+|- valign="bottom"
+| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails sponsored by [[Image:Trustwave50x250.png|link=https://www.trustwave.com/‎‎]]
 <!-- Day 1 -->
 |}
@@ Line 174: / Line 169: @@
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
-| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''
-| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (147A)'''
-| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''OWASP (145B)'''
-| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (TBD)'''
+| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (145A)'''
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:55
@@ Line 186: / Line 181: @@
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]]<br>National Institute of Standards and Technology<br>Video | Slides
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]]<br>National Institute of Standards and Technology<br>[http://vimeo.com/groups/asdc10/videos/18826138 Video] | [[Media: OWASP-11-11-2010-Ross.pptx|Slides]]
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15
-| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Trustwave30x150.png|link=https://www.trustwave.com/‎‎]]
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:05
+| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> [http://vimeo.com/groups/asdc10/videos/19891280 Video] | Slides
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | [[Media:OWASP_Cloudy_with_a_chance_of_hack_Nov_2010.pdf|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Don't Judge a Website by its Icon - Read the Label!|Don’t Judge a Website by its Icon – Read the Label!]]<br>Jeff Williams<br><br>Video | [[Media:2010-11_OWASP_Software_Labels.pptx|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br>[http://vimeo.com/groups/asdc10/videos/18980995 Video] | [[Media: ApplicationPortfolioRiskRanking_BanishingFUDWithStructureAndNumbers_Content.pdf|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:05-11:15
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05
 | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 11:15-12:05
+| width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> [http://vimeo.com/groups/asdc10/videos/19912816 Video] | [[Media: OWASP_AppSec_DC_2010_-_Deconstructing_ColdFusion.pdf|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Mozilla Foundation<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Brandon Sterne<br><br> [http://vimeo.com/groups/asdc10/videos/18984410 Video] | [[Media: Mozilla_OWASP_AppSec_2010_DC.pdf‎|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3" | Federal CIO Panel <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br>[http://vimeo.com/groups/asdc10/videos/19105173 Video] | [[Media: Secure_Coding_Practices_Quick_Ref_4.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | [[Media:CodeReviewStrategies.pptx|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 12:05-12:15
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
+| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" | Break
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 12:15-1:05
+| width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br>[http://vimeo.com/groups/asdc10/videos/18810353 Video] | [[Media: Friendly_Traitor_2.pdf|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | [[Media:Exploiting_Media_For_Fun_and_Profit.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | [[Media: AppSecDC_Open_Source_Web_Entry_Server_V2.2.ppt|Slides]]
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br>[http://vimeo.com/groups/asdc10/videos/19105707 Video] | [[Media:OWASP_AppSec_DC_2010_-_Microsoft_SDL-Agile_Presentation_-_Nick_Coblentz_2010-11-11.pdf|Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 1:05-2:05
+| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40
 | valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:05-2:55
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>Jon McCoy<br><br>[http://vimeo.com/groups/asdc10/videos/18984620 Video] | [[Media: AppSecDC_-_Attacking_.NET_Applications_at_Runtime.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br>[http://vimeo.com/groups/asdc10/videos/18820461 Video] | [[Media: Life_In_the_Clouds.Smith.AppSecDC2010.pdf|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | [[Media:ESAPI-2010-AppSecDC.pptx|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| Financial ServicesPanel<br><br>Video|Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Financial Services Panel]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:55-3:05
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30
 | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:05-3:55
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>John McCoy<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br>[http://vimeo.com/groups/asdc10/videos/19051012 Video] | [[Media:JavaSnoop_-_OWASP_AppSec_DC_2010.pptx|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br>[http://vimeo.com/groups/asdc10/videos/18827316 Video] | Slides
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> [http://vimeo.com/groups/asdc10/videos/19631724 Video] | [[Media:AppSecDC-colin-watson-appsensor.ppt|Slides]]
-|- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 3:55-4:10
-| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:10-5:00
+| width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | Slides]
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC-2010-Syngress75x30.gif‎‎|link=http://www.syngress.com/]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | Slides
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
 |- valign="bottom"
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 3:30-4:15
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | [[Media: Attacking_Google_Web_Toolkit.ppt | Slides]]
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | [[Media: SmartPhonesDumbApps_OWASPDC_20101111_Content.pdf|Slides]]
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | [[Media:AppSecDC_2010-ModSecurityCRS_Ryan_Barnett.ppt|Slides]]
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:00-5:10
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:15-4:20
 | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 5:10-6:00
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> [http://vimeo.com/groups/asdc10/videos/19632487 Video] | Slides
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | [[Media: Threats_from_Economical_Improvement_OWASP_AppSec_2010_LR.key.zip | Slides]]
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video|Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | [[Media:Esapi_swingset_talk_dc.ppt|Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> [http://vimeo.com/groups/asdc10/videos/19908922 Video] | [[Media: Carrot-stick-consequences-AppSecDC-2010.key.zip|Slides]]
-|- valign="bottom"
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides
 |- valign="bottom"
-| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-6:30
+| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30
 | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks/Prizes<br>The OWASP AppSec DC Team<!-- Day 2 -->
 |}