This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Mrb Scratchpad"

From OWASP
Jump to: navigation, search
(Back to Conference Page)
(Back to Conference Page)
Line 240: Line 240:
 
|}
 
|}
 
<headertabs />
 
<headertabs />
 
===[[OWASP AppSec DC 2009|Back to Conference Page]]===
 
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_09]]
 
  
 
===[[OWASP AppSec DC 2009|Back to Conference Page]]===
 
===[[OWASP AppSec DC 2009|Back to Conference Page]]===
  
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_09]]
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_09]]

Revision as of 05:37, 3 November 2009




Back to Conference Page

Please note, speaking times are not final, check back regularly for updates.

Training 11/10

Day 1 - Nov 10th 2009
  Room 154A Room 149B Room 149A Room 154B Room 155
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework
Justin Searle 		Day 1:
Java EE Secure Code Review
Sahba Kazerooni
Security Compass 		Threat Modeling Express
Krishna Raja
Security Compass 		Foundations of Web Services and XML Security
Dave Wichers
Aspect Security 		Live CD
Matt Tesauro
12:00-13:00 Lunch
13:00-17:00 Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework
Justin Searle 		Java EE Secure Code Review
Sahba Kazerooni
Security Compass 		Threat Modeling Express
Krishna Raja
Security Compass 		Foundations of Web Services and XML Security
Dave Wichers
Aspect Security 		Live CD
Matt Tesauro

Training 11/11

Day 2 - Nov 11th 2009
  Room 154A Room 149B Room 149A Room 154B
09:00-12:00 Day 2:
Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework
Justin Searle 		Day 2:
Java EE Secure Code Review
Sahba Kazerooni
Security Compass 		WebAppSec.php: Developing Secure Web Applications
Robert Zakon 		Leader and Manager Training - Leading the Development of Secure Applications
John Pavone
Aspect Security
12:00-13:00 Lunch
13:00-17:00 Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework
Justin Searle 		Java EE Secure Code Review
Sahba Kazerooni
Security Compass 		WebAppSec.php: Developing Secure Web Applications
Robert Zakon 		Leader and Manager Training - Leading the Development of Secure Applications
John Pavone
Aspect Security

Talks 11/12

Day 1 - Nov 12th 2009
  OWASP (146A) Tools (146B) Web 2.0 (146C) SDLC (152A)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Joe Jarzombek
10:00-10:30 All about OWASP OWASP Board
10:30-10:45 Coffee Break sponsored by AppSecDC2009-Sponsor-denim.gif
10:45-11:30 OWASP ESAPI
Jeff Williams 		Clubbing WebApps with a Botnet
Gunter Ollmann 		Understanding the Implications of Cloud Computing on Application Security
Dennis Hurst 		Enterprise Application Security - GE's approach to solving root cause
Darren Challey
11:30-12:30 Hosted Lunch
12:30-1:15 Software Assurance Maturity Model (SAMM)
Pravir Chandra 		The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security
Jacob West 		Transparent Proxy Abuse
Robert Auger 		Software Development The Next Security Frontier
Jim Molini
1:15-1:20 Break
1:20-2:05 DISA's Application Security and Development STIG: How OWASP Can Help You
Jason Li 		OWASP ModSecurity Core Rule Set Project
Ryan C. Barnett 		Development Issues Within AJAX Applications: How to Divert Threats
Lars Ewe 		The essential role of infosec in secure software development
Kenneth R. van Wyk
2:05-2:10 Break
2:10-2:55 Defend Yourself: Integrating Real Time Defenses into Online Applications
Michael Coates 		Finding the Hotspots: Web-security testing with the Watcher tool
Chris Weber 		Social Zombies: Your Friends Want to Eat Your Brains
Tom Eston/Kevin Johnson 		SDLC Panel
 
Pravir Chandra
Dan Cornell
Michael Craigue
Dennis Hurst
Joey Peloquin
David Rook
Keith Turpin
2:55-3:00 Break Break
3:00-3:45 The ESAPI Web Application Firewall
Arshan Dabirsiaghi 		One Click Ownage
Ferruh Mavituna 		Cloudy with a chance of 0-day
Jon Rose/Tom Leavey
Web Application Security Scanner Evaluation Criteria
Brian Shura
3:45-3:50 Break
3:50-4:35 OWASP Live CD: An open environment for Web Application Security
Matt Tesauro / Brad Causey 		Learning by Breaking: A New Project Insecure Web Apps
Chuck Willis 		Attacking WCF Web Services
Brian Holyfield 		Vulnerability Management in an Application Security World
Dan Cornell
Synergy! A world where the tools communicate

Josh Abraham

4:35-4:50 Break
4:40-5:30 The Entrepreneur's Guide to Career Management
Lee Kushner 		Advanced SSL: The good, the bad, and the ugly
Michael Coates 		When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies
Rafal Los 		Threat Modeling
John Steven
User input piercing for Cross Site Scripting Attacks
Matias Blanco
5:45-8:00 Cocktails and hors d'oeuvres in the EXPO Room (151)
Sponsored by AppSecDC2009-Sponsor-cenzic.gif

Talks 11/13

Day 2 - Nov 13th 2009
  Process (146A) Attack & Defend (146B) Metrics (146C) Compliance (152A)
8:00-9:00 Registration & Coffee sponsored by AppSecDC2009-Sponsor-fyrm.gif
9:00-9:45 The Big Picture: Web Risks and Assessments Beyond Scanning
Matt Fisher 		Securing the Core JEE Patterns
Rohit Sethi/Krishna Raja 		The Web Hacking Incidents Database
Ryan C. Barnett 		Business Logic Automatons: Friend or Foe?
Ofer Shezaf
9:45-9:50 Break
9:50-10:35 Scalable Application Assessments in the Enterprise
Tom Parker/Lars Ewe 		Unicode Transformations: Finding Elusive Vulnerabilities
Chris Weber 		Application security metrics from the organization on down to the vulnerabilities
Chris Wysopal 		SCAP: Automating our way out of the Vulnerability Wheel of Pain
Ed Bellis
10:35-10:40 Break
10:40-11:25 Secure Software Updates: Update Like Conficker
Jeremy Allen 		Malicious Developers and Enterprise Java Rootkits
Jeff Williams 		OWASP Top 10 - 2010
Dave Wichers 		Secure SDLC: The Good, The Bad, and The Ugly
Joey Peloquin
11:25-12:30 Hosted Lunch
12:30-1:15 Improving application security after an incident
Cory Scott 		The 10 least-likely and most dangerous people on the Internet
Robert Hansen 		Hacking by Numbers
Tom Brennan 		Federal CISO Panel
1:15-1:20 Break
1:20-2:05 Custom Intrusion Detection Techniques for Monitoring Web Applications
Matthew Olney 		Automated vs. Manual Security: You can't filter The Stupid
David Byrne/Charles Henderson 		Building an in-house application security assessment team
Keith Turpin
2:05-2:10 Break
2:10-2:55 TBD TBD The OWASP Security Spending Benchmarks Project
Dr. Boaz Gelbord 		Promoting Application Security within Federal Government
Sarbari Gupta
2:55-3:00 Break
3:00-3:45 Deploying Secure Web Applications with OWASP Resources
Kuai Hinojosa 		Manipulating Web Application Interfaces, a new approach to input validation
Felipe Moreno-Strauch 		SANS Dshield Webhoneypot Project
Jason Lam 		Techniques in Attacking and Defending XML/Web Services
Mamoon Yunus/Jason Macy
Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers
Kevin Johnson, Justin Searle, Frank DiMaggio
3:45-3:50 Break
3:50-4:00 Closing Remarks (146C)
Mark Bristow, Rex Booth, Doug Wilson

Back to Conference Page

Retrieved from "https://wiki.owasp.org/index.php?title=Mrb_Scratchpad&oldid=72614"