This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2010 Schedule"
From OWASP
Mark.bristow (talk | contribs) (First round of slides added) |
(Add new video releases) |
||
(17 intermediate revisions by 4 users not shown) | |||
Line 80: | Line 80: | ||
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (145B)''' | | width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (145B)''' | ||
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (145A)''' | | width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (145A)''' | ||
− | |- valign="bottom | + | |- valign="bottom |
| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:50 | | width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:50 | ||
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration | | valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration | ||
Line 88: | Line 88: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00 | | width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00 | ||
− | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]]<br>National Security Agency<br>Video | [[Media: OWASP-appsec2010-app_assurance-nziring-20101110.ppt | Slides]] | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]]<br>National Security Agency<br>[http://vimeo.com/groups/asdc10/videos/18820731 Video] | [[Media: OWASP-appsec2010-app_assurance-nziring-20101110.ppt | Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:30 | | width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:30 | ||
− | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | OWASP Status Update<br>[[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | [http://www.owasp.org/images/0/0f/OWASPDC2010-v1.pdf Slides] | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | OWASP Status Update<br>[[OWASP:About#Global_Board_Members| OWASP Board]]<br>[http://vimeo.com/groups/asdc10/videos/18821089 Video] | [http://www.owasp.org/images/0/0f/OWASPDC2010-v1.pdf Slides] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 10:30-10:45 | | width="72" valign="middle" bgcolor="#7b8abd" | 10:30-10:45 | ||
Line 97: | Line 97: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:30 | | width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:30 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | [[Media: Python_Basics_for_Web_App_Pentesters.zip|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br>[http://vimeo.com/groups/asdc10/videos/19346235 Video] | [[Media: Python_Basics_for_Web_App_Pentesters.zip|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | [[Media:OWASP_Dasient_11_10_10.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | [[Media:OWASP_-_Secure_Code_Review_Enterprise_Metrics.ppt|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise]]<br>Joe Jarzombek & Tom Millar<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise]]<br>Joe Jarzombek & Tom Millar<br><br>[http://vimeo.com/groups/asdc10/videos/18802696 Video] | [[Media:SwA_SCRM_10Nov2010_jj.pdf|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:30-11:35 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:30-11:35 | ||
Line 106: | Line 106: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 11:35-12:20 | | width="72" valign="middle" bgcolor="#7b8abd" | 11:35-12:20 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | [[Media: Domino_testing_presentation.ppt | Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br>[http://vimeo.com/groups/asdc10/videos/19344945 Video] | [[Media: Domino_testing_presentation.ppt | Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | [[Media: Protecting_Federal_Government_from_Web_2.0_Application_Security_Risks_-_Sarbari_Gupta_FINAL.ppt | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | [[Media: Protecting_Federal_Government_from_Web_2.0_Application_Security_Risks_-_Sarbari_Gupta_FINAL.ppt | Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | [[Media: | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br>[http://vimeo.com/groups/asdc10/videos/18820054 Video] | [[Media:Magic_Numbers_-_5_KPIs_for_Measuring_WebAppSec_Program_Success_v3.2.pdf | Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | [[Media:BoozAllen-AppSecDC2010-sw_scrm.pdf|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20 | | width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20 | ||
Line 115: | Line 115: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | [[Media:PenTestingWithIron.ppt|Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | [[Media: Providing-Application-level-Assurance-through-DNSSEC-final.ppt | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | [[Media: Providing-Application-level-Assurance-through-DNSSEC-final.ppt | Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[H.....t.....t....p.......p....o....s....t]]<br>Onn Chee & Tom Brennan <br><br> Video | [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf Slides] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[H.....t.....t....p.......p....o....s....t]]<br>Onn Chee & Tom Brennan <br><br>[http://vimeo.com/groups/asdc10/videos/18818757 Video] | [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf Slides] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br><br><br>Making Security Measurable<br>[http://vimeo.com/groups/asdc10/videos/19618464 Video] | [[Media:Making_Security_Measurable_-_CWE_-_OWASP_AppSec_DC_2010_(Barnum).pdf|Slides]]<br><br><br>Understanding How They Attack Your Weaknesses<br>[http://vimeo.com/groups/asdc10/videos/19629525 Video] | [[Media:Understanding_How_They_Attack_Your_Weaknesses-CAPEC_-_OWASP_AppSec_DC_2010_(Barnum).pdf|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10 | ||
Line 125: | Line 125: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br>[http://vimeo.com/groups/asdc10/videos/19357262 Video] | [[Media: Hacking_Oracle_From_Web_Apps_2.0.pptx|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br>[http://vimeo.com/groups/asdc10/videos/19355417 Video] | [[Media:Guardrails_owasp_final.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Framed! Security-patching Common Web Development Frameworks]] - Panel <br><br> Video | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Framed! Security-patching Common Web Development Frameworks]] - Panel<br><br>[http://vimeo.com/groups/asdc10/videos/18808494 Video] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10 | | width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10 | ||
Line 133: | Line 133: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:10-3:55 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:10-3:55 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Chris Gates<br><br> Video | Slides] | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Chris Gates<br><br>[http://vimeo.com/groups/asdc10/videos/19104630 Video] | [[Media: WXf_ASDC_Presentation.odp.zip | Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br>[http://vimeo.com/groups/asdc10/videos/19104928 Video] | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | [[Media: Andrew_Weidenhamer_AppSecDC_Presentation.ppt|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> [http://vimeo.com/groups/asdc10/videos/19629938 Video] | [[Media: Andrew_Weidenhamer_AppSecDC_Presentation.ppt|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> [http://vimeo.com/groups/asdc10/videos/19914698 Video] | [[Media:20101110_-_Ensuring_Software_Assurance_Process_Maturity_-_Final.pptx|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00 | ||
Line 142: | Line 142: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:00-4:45 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:00-4:45 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | [[Pen-Test Panel]] <br> | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | [[Pen-Test Panel]]<br> [http://vimeo.com/groups/asdc10/videos/19908268 Video] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | [[Media:OWASP_Bot_res_enc.pptx|Slides]] |
− | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides | + | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>[http://vimeo.com/groups/asdc10/videos/19331937 Video] | [[Media:Chuck_Willis_OWASPBWA_for_OWASP_AppSecDC_2010-11-10.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br> Video | [[Media: OWASP_DC_2010_Moss_fin.pptx|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br>[http://vimeo.com/groups/asdc10/videos/19105480 Video] | [[Media: OWASP_DC_2010_Moss_fin.pptx|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | [[Media: Smashing_WebGoat_-_AppSecDC_Presentation.odp.zip|Slides]] | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | [[Media: Smashing_WebGoat_-_AppSecDC_Presentation.odp.zip|Slides]] | ||
Line 153: | Line 153: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35 | ||
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners]]<br>David Shelly, Randy Marchany & Joseph Tront<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners]]<br>David Shelly, Randy Marchany & Joseph Tront<br><br>[http://vimeo.com/groups/asdc10/videos/18984178 Video] | [[Media:Closing_the_Gap_AppSecDC_Shelly.ppt|Slides]] |
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides | + | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>[http://vimeo.com/groups/asdc10/videos/19337407 Video] | [[Media:AppSecDC_2010-WHID_Report-Ryan_Barnett.ppt|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30 | | width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30 | ||
Line 181: | Line 181: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00 | | width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00 | ||
− | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]]<br>National Institute of Standards and Technology<br>Video | [[Media: OWASP-11-11-2010-Ross.pptx|Slides]] | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]]<br>National Institute of Standards and Technology<br>[http://vimeo.com/groups/asdc10/videos/18826138 Video] | [[Media: OWASP-11-11-2010-Ross.pptx|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15 | | width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15 | ||
Line 187: | Line 187: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00 | | width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> [http://vimeo.com/groups/asdc10/videos/19891280 Video] | Slides |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | [[Media:OWASP_Cloudy_with_a_chance_of_hack_Nov_2010.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Don't Judge a Website by its Icon - Read the Label!|Don’t Judge a Website by its Icon – Read the Label!]]<br>Jeff Williams<br><br>Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Don't Judge a Website by its Icon - Read the Label!|Don’t Judge a Website by its Icon – Read the Label!]]<br>Jeff Williams<br><br>Video | [[Media:2010-11_OWASP_Software_Labels.pptx|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br> Video | [[Media: ApplicationPortfolioRiskRanking_BanishingFUDWithStructureAndNumbers_Content.pdf|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br>[http://vimeo.com/groups/asdc10/videos/18980995 Video] | [[Media: ApplicationPortfolioRiskRanking_BanishingFUDWithStructureAndNumbers_Content.pdf|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05 | ||
Line 196: | Line 196: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50 | | width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> [http://vimeo.com/groups/asdc10/videos/19912816 Video] | [[Media: OWASP_AppSec_DC_2010_-_Deconstructing_ColdFusion.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Brandon Sterne<br><br> Video | [[Media: Mozilla_OWASP_AppSec_2010_DC.pdf|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Brandon Sterne<br><br> [http://vimeo.com/groups/asdc10/videos/18984410 Video] | [[Media: Mozilla_OWASP_AppSec_2010_DC.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br> Video | [[Media: Secure_Coding_Practices_Quick_Ref_4.ppt|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br>[http://vimeo.com/groups/asdc10/videos/19105173 Video] | [[Media: Secure_Coding_Practices_Quick_Ref_4.ppt|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | [[Media:CodeReviewStrategies.pptx|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55 | ||
Line 205: | Line 205: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40 | | width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br> Video | [[Media: Friendly_Traitor_2.pdf|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br>[http://vimeo.com/groups/asdc10/videos/18810353 Video] | [[Media: Friendly_Traitor_2.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | [[Media:Exploiting_Media_For_Fun_and_Profit.ppt|Slides]] |
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | [[Media: AppSecDC_Open_Source_Web_Entry_Server_V2.2.ppt|Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | [[Media: AppSecDC_Open_Source_Web_Entry_Server_V2.2.ppt|Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br>[http://vimeo.com/groups/asdc10/videos/19105707 Video] | [[Media:OWASP_AppSec_DC_2010_-_Microsoft_SDL-Agile_Presentation_-_Nick_Coblentz_2010-11-11.pdf|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40 | | width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40 | ||
Line 214: | Line 214: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>Jon McCoy<br><br> Video | [[Media: AppSecDC_-_Attacking_.NET_Applications_at_Runtime.ppt|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>Jon McCoy<br><br>[http://vimeo.com/groups/asdc10/videos/18984620 Video] | [[Media: AppSecDC_-_Attacking_.NET_Applications_at_Runtime.ppt|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br> Video | [[Media: Life_In_the_Clouds.Smith.AppSecDC2010.pdf|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br>[http://vimeo.com/groups/asdc10/videos/18820461 Video] | [[Media: Life_In_the_Clouds.Smith.AppSecDC2010.pdf|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | [[Media:ESAPI-2010-AppSecDC.pptx|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Financial Services Panel]] | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Financial Services Panel]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30 | ||
Line 223: | Line 223: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br>[http://vimeo.com/groups/asdc10/videos/19051012 Video] | [[Media:JavaSnoop_-_OWASP_AppSec_DC_2010.pptx|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br>[http://vimeo.com/groups/asdc10/videos/18827316 Video] | Slides |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> Video | [[Media:AppSecDC-colin-watson-appsensor.ppt|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> [http://vimeo.com/groups/asdc10/videos/19631724 Video] | [[Media:AppSecDC-colin-watson-appsensor.ppt|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30 | | width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30 | ||
Line 233: | Line 233: | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | [[Media: Attacking_Google_Web_Toolkit.ppt | Slides]] | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | [[Media: Attacking_Google_Web_Toolkit.ppt | Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | [[Media: SmartPhonesDumbApps_OWASPDC_20101111_Content.pdf|Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | [[Media: SmartPhonesDumbApps_OWASPDC_20101111_Content.pdf|Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | [[Media:AppSecDC_2010-ModSecurityCRS_Ryan_Barnett.ppt|Slides]] |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 240: | Line 240: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> [http://vimeo.com/groups/asdc10/videos/19632487 Video] | Slides |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | [[Media: Threats_from_Economical_Improvement_OWASP_AppSec_2010_LR.key.zip | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | [[Media: Threats_from_Economical_Improvement_OWASP_AppSec_2010_LR.key.zip | Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | [[Media:Esapi_swingset_talk_dc.ppt|Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | [[Media: Carrot-stick-consequences-AppSecDC-2010.key.zip|Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> [http://vimeo.com/groups/asdc10/videos/19908922 Video] | [[Media: Carrot-stick-consequences-AppSecDC-2010.key.zip|Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30 | | width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30 |
Latest revision as of 14:21, 4 March 2011
Registration | Hotel | Walter E. Washington Convention Center
Main Conference Page | Presentations Page | Training Page
Training 11/08
Training Day 1 - Nov 8th 2010 | |||||||
149A | 149B | 154A | 155 | 154B | |||
09:00-12:00 | Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle, InGuardians |
Day 1: Leading an AppSec Initiative Jeff Williams, Aspect Security |
Day 1: Remote Testing for Common Web Application Security Threats David Rhoades, Maven Security |
The Art of Exploiting SQL Injections Sumit Siddharth, 7Safe Limited |
WebAppSec.php: Developing Secure Web Applications Robert Zakon | ||
12:00-13:00 | Lunch | ||||||
13:00-17:00 | Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle, InGuardians |
Day 1: Leading an AppSec Initiative Jeff Williams, Aspect Security |
Day 1: Remote Testing for Common Web Application Security Threats David Rhoades, Maven Security |
The Art of Exploiting SQL Injections Sumit Siddharth, 7Safe Limited |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |