This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Education Presentation"
From OWASP
KateHartmann (talk | contribs) (→OWASP Education Presentations) |
|||
| Line 19: | Line 19: | ||
|-valign="top" | |-valign="top" | ||
|[[:Image:Education Module Why WebAppSec Matters.ppt|Why WebAppSec Matters]]|| This module explains why security should be considered when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01 | |[[:Image:Education Module Why WebAppSec Matters.ppt|Why WebAppSec Matters]]|| This module explains why security should be considered when developping or deploying web applications as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01 | ||
| + | |-valign="top" | ||
| + | |[[:Image:OWASP-Intro-2008-portuguese.ppt|OWASP Intro 2008 Portuguese]]|| This module explains || Novice || 2008-07-06 | ||
|-valign="top" | |-valign="top" | ||
|[[:Image:Education Module OWASP Top 10 Introduction and Remedies.ppt|OWASP Top 10 Introduction and Remedies]]|| This module explains the OWASP Top 10 web application vulnerabilities as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01 | |[[:Image:Education Module OWASP Top 10 Introduction and Remedies.ppt|OWASP Top 10 Introduction and Remedies]]|| This module explains the OWASP Top 10 web application vulnerabilities as part of the [[:Category:OWASP Education Project|Education Project]] || Novice || 2007-11-01 | ||
Revision as of 14:34, 7 July 2008
This page provide a commented overview of the OWASP presentations available.
Please use the last line of the tables as template.
Presentions can be tracked through:
- the OWASP Presentations Category
- Past OWASP Conference agenda's
- From the chapter pages
Everybody is encouraged to link the presentations and add their findings on this page ! There are currently hundreds of presentations all over the OWASP web site. If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76. Feel free to “mine” them and add them to the overview.
OWASP Education Presentations
| Title | Comment | Level | Date (yyyy-mm-dd) |
|---|---|---|---|
| Why WebAppSec Matters | This module explains why security should be considered when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
| OWASP Intro 2008 Portuguese | This module explains | Novice | 2008-07-06 |
| OWASP Top 10 Introduction and Remedies | This module explains the OWASP Top 10 web application vulnerabilities as part of the Education Project | Novice | 2007-11-01 |
| Embed within SDLC | This module explains the complete approach of Web Application Security when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
| Good Secure Development Practices | This module explains some good secure development practices when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
| Testing for Vulnerabilities | This module explains application security testing when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
| Good WebAppSec Resources | This module points you to some good web application security resources when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
OWASP Project Presentations
| Title | Comment | Level | Date (yyyy-mm-dd) |
|---|---|---|---|
| OWASP NY Keynote by Jeff also available in French | OWASP Overview presentation with slide "OWASP by the numbers" and slide with the sorry state of Tools (at best 45%) which caused some controverse | Novice | 2007-06-12 |
| The OWASP Testing Guide (Jeff Williams) | Overview of the OWASP Testing Guide | Novice | 2007-01-23 |
| The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli) | Presentation at EUSecWest07 | Intermediate | 2007-03-01 |
| OWASP Project Overview | High level overview of projects and how OWASP works | Novice | 2006-09-19 |
| The OWASP Application Security Metrics Project (Bob Austin) | Presentation on the Application Security Metrics project | Novice | 2006-10-17 |
| OWASP CLASP Project (Pravir Chandra) | OWASP CLASP project presentation given at the 2006 European AppSec conference | Novice | 2006-05-30 |
| Sprajax (Dan Cornell) | OWASP Sprajax presentation given at the 2006 Seattle AppSec conference | Intermediate | 2006-10-17 |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
OWASP Conference Presentations
| Title | Comment | Level | Date (yyyy-mm-dd) |
|---|---|---|---|
| Mod Security Core Rule Set (Ofer Shezaf) | Ofer Shezaf's presentation on the Core Ruleset for the latest version of ModSecurity presented at 6th OWASP AppSec conference in Milan, Italy, in May 2007. | Intermediate | 2007-05-16 |
| OWASP Testing Guide v2.1 (Matteo Meucci) | Matteo Meucci's presentation on the OWASP Testing Guide v2 at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
| CLASP (Pravir Chandra) | Pravir Chandra's presentation on the upcoming 2007 update to CLASP presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
| Advanced Web Hacking (PDP) | PDPs presentation at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
| XML Security Gateway Evaluation Criteria (Gunnar Peterson) | Gunnar Peterson's presentation about the new XML Security Gateway Evaluation Criteria project at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
| Testing Flash Applications (Stephano Di Paolo) | Stephano Di Paolo's presentation on how to test Flash applications presented at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
| Overtaking Google Desktop (Yair Amit) | Yair Amit's presentation on XSS Flaws in Google Desktop that can be exploited through google.com presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
| ACE Team Application Security from the Core (Simon Roses Femerling) | Simon Roses Femerling's presentation on the Microsoft ACE team's application security process at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
| Pantera (Simon Roses Femerling) | Simon Roses Femerling's presentation on the new OWASP tool Pantera at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
| Protecting Web applications from universal PDF XSS (Ivan Ristic) | Ivan Ristic's Universal XSS PDF presentation at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
| Software Security (Rudolph Araujo) | Rudolph Araujo's presentation on Application Security best practices at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Intermediate | 2007-05-16 |
| WebGoat v5 (Dave Wichers) | WebGoat v5 presentation by Dave Wichers at the 6th OWASP AppSec Conference in Milan, Italy, May 2007. | Intermediate | 2007-05-16 |
| WebScarab NG (Dave Wichers) | Description of the new WebScarab-NG efforts presented by Dave Wichers at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
| SANS SPSA Initiative (Dave Wichers) | Description of the SANS Secure Coding Exam Initiative presented by Dave Wichers at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Novice | 2007-05-16 |
| OWASP Italy Activities (Raoul Chiesa) | Raoul Chiesa's keynote for day 2 of the 6th OWASP AppSec conference on the state of application security in Italy including OWASP's activities in that country. | Novice | 2007-05-16 |
| Security engineering in Vista (Alex Lucas) | Alex Lucas' from Microsoft's keynote presentation for Day 1 of the 6th OWASP AppSec conference in Milan on the benefits of Microsoft's SDL to the security of Vista. | Intermediate | 2007-05-16 |
| How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard) | Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 | Intermediate | 2006-10-18 |
| Bootstrapping the Application Assurance Process (Sebastien Deleersnyder) | Presentation given during the European 2006 AppSec conference on the application assurance process | Novice | 2006-05-30 |
| Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France) | Presentation given at the European 2006 AppSec conference about security and soap message structure issues | Intermediate | 2006-05-31 |
| Web Application Firewalls:When Are They Useful? (Ivan Ristic) | Presentation about Web Application Firewalls | Novice | 2006-05-31 |
| HTTP Message Splitting, Smuggling and Other Animals (Amit Klein) | A presentation about Message splitting other attacks around the HTTP protocol | Intermediate | 2006-05-31 |
| Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis) | Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference | Intermediate | 2006-10-18 |
| Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) | A talk about how automated testing tools stack up against the OWASP top 10 | Intermediate | 2006-05-30 |
| RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter) | Presentation given about how Sessions can be hi-jacked, etc... | Novice | 2006-05-31 |
| Security Testing through Automated Software Tests (Stephen de Vries) | Presentation given at the 2006 EuSec conference | Intermediate | 2006-05-31 |
| In the Line of Fire: Defending Highly Visible Targets (Jeremy Poteet) | Conference given at the 2005 DC AppSec conference | Novice | 2005-10-1 |
| Google Hacking and Web Application Worms (Matt Fisher) | Talk given at the 2005 DC AppSec conference | Novice | 2005-10-01 |
| Establishing an Enterprise Application Security Program (Tony Canike) | Talk given at the 2005 DC AppSec Conference | Novice | 2005-10-01 |
| Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) (Dave Wichers) | Dave's talk on AJAX given at the Seattle 2006 AppSec conference | Intermediate | 2006-10-01 |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
Web Application Security Presentations
| Title | Comment | Level | Date (yyyy-mm-dd) |
|---|---|---|---|
| Universal PDF XSS by Ivan Ristic | Protecting Web Applications from Universal PDF XSS | Intermediate | 2007-06-28 |
| Identity Management Basics (Derek Brown) | Identity Management Basics | Novice | 2007-05-09 |
| [Advanced SQL Injection (Victor Chapela) | Detailed methodology for analyzing applications for SQL injection vulnerabilities | Expert | 2005-11-04 |
| [Advanced Topics on SQL Injection Protection (Sam NG) | 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. | Intermediate | 2006-02-27 |
| [Attacking Web Services (Alex Stamos) | Web Services Introduction and Attacks | Intermediate | 2005-10-11 |
| MMS Spoofing (Matteo Meucci) | A Case-study of a vulnerable web application | Intermediate | |
| Ajax Security (Andrew van der Stock) | Presentation on Ajax security for OWASP AppSec Europe 2006 | Intermediate | 2006-05-30 |
| Advanced Web Services Security & Hacking (Justin Derry) | Presentation given on Webservice security at the Seattle 2006 AppSec conference | Intermediate | 2006-10-18 |
| Integration into the SDLC (Eoin Keary) | A presentation about why and how to integrate the SDLC. | Novice | 2005-04-09 |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
Chapter Presentations
| Title | Comment | Level | Month (Mon-yyyy) | Chapter
|
|---|---|---|---|---|
| Detecting Web Application Vulnerabilities Using Open Source Means (Konstantinos Papapanagiotou) | OWASP Greek Chapter presentation given at the Open Source Software (FLOSS) Conference in Athens | Novice | May 2008 | Greece |
| Hacking The World With Flash (Paul Craig) | OWASP New Zealand chapter presentation on Flash security | Intermediate | April 2008 | New Zealand |
| Web Spam Techniques (Roberto Suggi Liverani) | OWASP New Zealand chapter presentation on Web Spam Techniques | Intermediate | April 2008 | New Zealand |
| Xpath Injection Overview (Roberto Suggi Liverani) | OWASP New Zealand chapter presentation on Xpath Injection | Intermediate | February 2008 | New Zealand |
| Dependability for Java Mobile Code (Pierre Parrend) | OWASP Swiss chapter presentation on Mobile Java Security | Expert | July 2007 | Switzerland |
| Trust, Security and Usability (Roger Carhuatocto) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
| Tratamiento seguro de datos en aplicaciones in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
| Ataques DoS en aplicaciones Web (Jaime Blasco Bermejo) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
| Seguridad en entornos financierosPedro (Pedro Sánchez) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
| Brian Chess from Fortify shared what's going on with the Java Open Source review project at the June NoVA OWASP meeting | Java Open Review | Intermediate | June 2007 | Virginia (Northern Virginia) |
| Brian Chess from Fortify, presentation to NoVA OWASP chapter in June 2007. | Bytecode injection | Expert | June 2007 | Virginia (Northern Virginia) |
| Security at the VMM Layer by Ted Winograd | Security at the VMM Layer | Expert | June 2007 | Virginia (Northern Virginia) |
| Evaluating and Tuning Web Application Firewalls (Barry Archer) | Presentation given at Kansas City June 2007 chapter meeting | Intermediate | June 2007 | Kansas City |
| Microsoft Security Development Lifecycle for IT (Rob Labbé) | Presentation by Rob Labbe at Ottawa OWASP Chapter | Novice | May 2007 | Ottawa |
| Application Denial of Service (Shaayy Cheen) | Is it Really That Easy? Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
| Fuzzing in Microsoft and FuzzGuru framework (John Neystadt) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
| Application Security, not just development (David Lewis) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
| Overtaking Google Desktop, Leveraging XSS to Raise Havoc (Yair Amit) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
| Unregister Attack in SIP (Anat Bremler-Barr, Ronit Halachmi-Bekel and Jussi Kangasharju) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
| Positive Security Model for Web Applications, Challenges and Promise (Ofer Shezaf) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
| .NET Reverse Engineering (Erez Mettulla) | Presentation given at the Israel Mini Conference in May 2007 | Expert | May 2007 | Israel |
| OWASP introduction (Ofer Shezaf) | 2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya | Intermediate | May 2007 | Israel |
| Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H) | Update on Internet Attack Statistics for Belgium in 2006 | Novice | May 2007 | Belgium |
| Securing Web Services using XML Security Gateways by Tim Bond | Securing Web Services using XML Security Gateways | Intermediate | May 2007 | Virginia (Northern Virginia) |
| Software Assurance in the Acquisition Process by Stan Wisseman | Software Assurance in the Acquisition Process | Intermediate | May 2007 | Virginia (Northern Virginia) |
| Legal Aspects of (Web) Application Security by Jos Dumortier | Legal Aspects of (Web) Application Security | Intermediate | May 2007 | Belgium |
| AppSec Research (University Leuven Belgium) | Formal absence of implementation bugs in web applications: a case study on indirect data sharing by Lieven Desmet | Expert | May 2007 | Belgium |
| A Scanner Sparkly | A Scanner Sparkly, taken from the Phoenix OWASP presentations on Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
| Grey Box Assessment Lessons Learned | "Grey Box Assessment Lessons Learned", taken from the Phoenix OWASP presentations, Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
| OWASP Update and OWASP BeLux Board Presentation (Seba) | OWASP Update and OWASP BeLux Board Presentation | Novice | May 2007 | Belgium |
| Metics- What can we measure (Zed Abbadi) | 19 April NoVa chapter meeting presentation on Security Metrics | Novice | April 2007 | Virginia (Northern Virginia) |
| Web Services Hacking and Hardening (Adam Vincent) | 3/8/07 NoVA chapter meeting, Adam Vincent from Layer7 | Expert | March 2007 | Virginia (Northern Virginia) |
| OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
| XSS Worms (Sven Vetsch) | XSS Worms | Intermediate | Feb 2007 | Switzerland |
| OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
| WebGoat and Pantera presentation (Philippe Bogaerts) | WebGoat and Pantera presentation | Novice | Jan 2007 | Belgium |
| Security implications of AOP for secure software (Bart De Win) | Security implications of AOP for secure software | Expert | Jan 2007 | Belgium |
| testing for common security flaws (David Byrne) | testing for common security flaws | Intermediate | Nov 2006 | Denver |
| 40-ish slides on analyzing threats (Olli) | Analyzing Threats | Novice | Dec 2006 | Helsinki |
| Attacking the Application (Dave Ferguson) | Vulnerabilities, attacks and coding suggestions | Intermediate | Dec 2006 | Kansas City |
| Ajax Security Concerns (Rohini Sulatycki) | Ajax Security Concerns | Intermediate | Dec 2006 | Kansas City |
| Anatomy of 2 Web Application Testing (Matteo Meucci) | Anatomy of 2 Web Application Testing | Intermediate | Mar 2006 | Italy |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert | Mon Year | Chapter |
