This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Mrb Scratchpad"

From OWASP
Jump to: navigation, search
Line 17: Line 17:
 
<tr valign="bottom">
 
<tr valign="bottom">
 
  <td bgcolor="#666699" width="67" valign="middle">09:00-10:00
 
  <td bgcolor="#666699" width="67" valign="middle">09:00-10:00
  <td height="60" colspan="4" align="center" bgcolor="#e0e0e0" valign="middle">Keynote: Joe Jarzombek
+
  <td height="60" colspan="4" align="center" bgcolor="#e0e0e0" valign="middle">Keynote: [[AppSecDC Keynote Jarzomnek|Joe Jarzombek]]
 
<tr valign="bottom">
 
<tr valign="bottom">
 
  <td bgcolor="#666699" width="67" valign="middle">10:30-10:30
 
  <td bgcolor="#666699" width="67" valign="middle">10:30-10:30
Line 31: Line 31:
 
  <td height="120" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra
 
  <td height="120" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra
 
  <td height="120" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West
 
  <td height="120" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West
  <td height="120" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence]]<br>Darren Challey
+
  <td height="120" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence | Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey
 
  <td height="120" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Transparent Proxy Abuse]]<br>Robert Auger
 
  <td height="120" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Transparent Proxy Abuse]]<br>Robert Auger
 
<tr valign="bottom">
 
<tr valign="bottom">
Line 50: Line 50:
 
<tr valign="bottom">
 
<tr valign="bottom">
 
  <td height="120" rowspan="2" bgcolor="#666699" width="67" valign="middle">15:30-16:30
 
  <td height="120" rowspan="2" bgcolor="#666699" width="67" valign="middle">15:30-16:30
  <td height="120" rowspan="2" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi
+
  <td height="120" rowspan="2" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi
 
  <td height="60" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[One Click Ownage]]<br>Ferruh Mavituna
 
  <td height="60" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[One Click Ownage]]<br>Ferruh Mavituna
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey
Line 62: Line 62:
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Attacking WCF Web Services]]<br>Brian Holyfield
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Attacking WCF Web Services]]<br>Brian Holyfield
 
<tr valign="bottom">
 
<tr valign="bottom">
  <td height="60" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Synergy! - A world where the tools communicate]]<br>
+
  <td height="60" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Synergy! An intregrated OWASP Audit: A world where the tools communicate|Synergy! - A world where the tools communicate]]<br>
 
  Josh Abraham
 
  Josh Abraham
 
<tr valign="bottom">
 
<tr valign="bottom">
Line 68: Line 68:
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner
 
  <td height="60" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coats
 
  <td height="60" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coats
  <td height="120" rowspan="2" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[Threat Modeling]]<br>John Steven
+
  <td height="120" rowspan="2" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies]]<br>Rafal Los
 
  <td height="120" rowspan="2" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies]]<br>Rafal Los
 
<tr valign="bottom">
 
<tr valign="bottom">
Line 75: Line 75:
 
  <td height="60" bgcolor="#666699" width="67" valign="middle">19:00-????
 
  <td height="60" bgcolor="#666699" width="67" valign="middle">19:00-????
 
  <td height="60" colspan="4" align="center" bgcolor="#c0c0c0" valign="middle">Reception
 
  <td height="60" colspan="4" align="center" bgcolor="#c0c0c0" valign="middle">Reception
 +
<!-- Day 2 -->
 
<tr valign="middle">
 
<tr valign="middle">
  <td height="60" colspan="5">&nbsp;
+
  <td height="60" colspan="5">
 
<tr valign="middle">
 
<tr valign="middle">
 
  <td height="60" colspan="5" align="center" bgcolor="#333399"><font size="5"><b>Day 2 - Nov 13th 2009</b>
 
  <td height="60" colspan="5" align="center" bgcolor="#333399"><font size="5"><b>Day 2 - Nov 13th 2009</b>
Line 110: Line 111:
 
  <td height="120" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[Fox in the Henhouse: Java Rootkits]]<br>Jeff Williams
 
  <td height="120" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[Fox in the Henhouse: Java Rootkits]]<br>Jeff Williams
 
  <td height="120" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen
 
  <td height="120" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen
  <td height="120" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[OWASP Top 10 2009]]<br>Dave Wichers
+
  <td height="120" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[OWASP Top 10 2009 AppSecDC|OWASP Top 10 2009]]<br>Dave Wichers
 
  <td height="120" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin
 
  <td height="120" align="center" bgcolor="#ff6600" width="200" valign="middle" width="200">[[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin
 
<tr valign="bottom">
 
<tr valign="bottom">
Line 117: Line 118:
 
<tr valign="bottom">
 
<tr valign="bottom">
 
  <td height="120" bgcolor="#666699" width="67" valign="middle">14:30-15:30
 
  <td height="120" bgcolor="#666699" width="67" valign="middle">14:30-15:30
  <td height="120" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[TBA]]<br>Robert Hansen
+
  <td height="120" align="center" bgcolor="#ff0000" width="200" valign="middle" width="200">[[TBD AppSecDC Robert Hansen|TBA]]<br>Robert Hansen
 
  <td height="120" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Improving application security after an incident]]<br>Cory Scott
 
  <td height="120" align="center" bgcolor="#808000" width="200" valign="middle" width="200">[[Improving application security after an incident]]<br>Cory Scott
 
  <td height="120" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[Hacking by Numbers]]<br>Tom Brennan
 
  <td height="120" align="center" bgcolor="#ccffcc" width="200" valign="middle" width="200">[[Hacking by Numbers]]<br>Tom Brennan

Revision as of 02:57, 20 August 2009

Day 1 - Nov 12th 2009
  OWASP Tools SDLC Web 2.0
07:30-09:00 Registration
08:45-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Joe Jarzombek
10:30-10:30 Coffee Break & Room Change
10:30-11:30 OWASP ESAPI
Jeff Williams 		Manipulating Web Application Interfaces, a new approach to input validation
Felipe Moreno-Strauch 		Development Issues Within AJAX Applications: How to Divert Threats
Lars Ewe 		Understanding the Implications of Cloud Computing on Application Security
Dennis Hurst
11:30-12:30 Software Assurance Maturity Model (SAMM)
Pravir Chandra 		The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security
Jacob West 		Enterprise Application Security - GE's approach to solving root cause
Darren Challey 		Transparent Proxy Abuse
Robert Auger
12:30-13:30 DISA's Application Security and Development STIG: How OWASP Can Help You
Jason Li 		OWASP ModSecurity Core Rule Set Project
Ryan C. Barnett 		The essential role of infosec in secure software development
Kenneth R. van Wyk 		Fracturing Flex For Fun- An Alliterative Attackers Approach
Jon Rose/Kevin Stadmeyer
13:30-14:30 Lunch
14:30-15:30 Defend Yourself: Integrating Real Time Defenses into Online Applications
Michael Coates 		Finding the Hotspots: Web-security testing with the Watcher tool
Chris Weber 		SDLC Panel Social Zombies: Your Friends Want to Eat Your Brains
Tom Eston/Kevin Johnson
15:30-16:30 The ESAPI Web Application Firewall
Arshan Dabirsiaghi 		One Click Ownage
Ferruh Mavituna 		Cloudy with a chance of 0-day
Jon Rose/Tom Leavey
Web Application Security Scanner Evaluation Criteria
Brian Shura
16:30-17:30 OWASP Live CD: An open environment for Web Application Security
Matt Tesauro / Brad Causey 		Learning by Breaking: A New Project Insecure Web Apps
Chuck Willis 		Vulnerability Management in an Application Security World
Dan Cornell 		Attacking WCF Web Services
Brian Holyfield
Synergy! - A world where the tools communicate

Josh Abraham

17:30-18:30 The Entrepreneur's Guide to Career Management
Lee Kushner 		Advanced SSL: The good, the bad, and the ugly
Michael Coats 		Threat Modeling
John Steven 		When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies
Rafal Los
User input piercing for Cross Site Scripting Attacks
Matias Blanco
19:00-???? Reception
Day 2 - Nov 13th 2009
  Attack & Defend Process Metrics Compliance
07:30-09:00 Registration
09:00-10:00 Keynote: TBA
10:30-10:30 Coffee Break & Room Change
10:30-11:30 Securing the Core JEE Patterns
Rohit Sethi/Krishna Raja 		The Big Picture: Web Risks and Assessments Beyond Scanning
Matt Fisher 		The Web Hacking Incidents Database
Ryan C. Barnett 		Business Logic Automatons: Friend or Foe?
Ofer Shezaf
11:30-12:30 Unicode Transformations: Finding Elusive Vulnerabilities
Chris Weber 		Scalable Application Assessments in the Enterprise
Tom Parker/Lars Ewe 		Application security metrics from the organization on down to the vulnerabilities
Chris Wysopal 		SCAP: Automating our way out of the Vulnerability Wheel of Pain
Ed Bellis
12:30-13:30 Fox in the Henhouse: Java Rootkits
Jeff Williams 		Secure Software Updates: Update Like Conficker
Jeremy Allen 		OWASP Top 10 2009
Dave Wichers 		Secure SDLC: The Good, The Bad, and The Ugly
Joey Peloquin
13:30-14:30 Lunch
14:30-15:30 TBA
Robert Hansen 		Improving application security after an incident
Cory Scott 		Hacking by Numbers
Tom Brennan 		Federal CIO Pannel
15:30-16:30 Automated vs. Manual Security: You can't filter The Stupid
David Byrne/Charles Henderson 		Custom Intrusion Detection Techniques for Monitoring Web Applications
Matthew Olney 		Building an in-house application security assessment team
Keith Turpin
16:30-17:30 Advanced SQL Injection
Joe McCray 		Is your organization secured against internal threats?
Lars Ewe 		The OWASP Security Spending Benchmarks Project
Dr. Boaz Gelbord 		Promoting Application Security within Federal Government
Sarbari Gupta
17:30-18:30 Clubbing WebApps with a Botnet
Gunter Ollmann 		Deploying Secure Web Applications with OWASP Resources
Kuai Hinojosa 		SANS Dshield Webhoneypot Project
Jason Lamn 		Techniques in Attacking and Defending XML/Web Services
Mamoon Yunus/Jason Macy
Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers
Kevin Johnson, Justin Searle, Frank DiMaggio
18:30-19:00 Closing Remarks

Retrieved from "https://wiki.owasp.org/index.php?title=Mrb_Scratchpad&oldid=67718"