This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2009 Schedule"
From OWASP
Mark.bristow (talk | contribs) (→Back to Conference Page) |
Mark.bristow (talk | contribs) (→Back to Conference Page) |
||
Line 94: | Line 94: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra <br><br> Video | [[Media: Software Assurance Maturity Model (SAMM)-Pravir Chandra.ppt| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West <br><br> Video | [[Media: The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West.ppt | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West <br><br> Video | [[Media: The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West.ppt | Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger | ||
Line 106: | Line 106: | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[SDLC Panel AppSecDC|Secure SDLC Panel: Real answers from real experience]]<br><i>Panelists:</i><br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>Keith Turpin<br> <br><i>Moderator:</i><br>Pravir Chandra | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[SDLC Panel AppSecDC|Secure SDLC Panel: Real answers from real experience]]<br><i>Panelists:</i><br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>Keith Turpin<br> <br><i>Moderator:</i><br>Pravir Chandra<br><br> Video | [[Media: SDLC Panel.ppt| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10 | ||
Line 138: | Line 138: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br> | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br> | ||
− | Josh Abraham | + | Josh Abraham <br><br> Video | [[Media: Synergy A world where tools communicate-Josh Abraham.pptx| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50 | ||
Line 181: | Line 181: | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> Video | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> Video | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis <br><br> Video | [[Media: SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40 | ||
Line 207: | Line 207: | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> Video | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20 | ||
Line 216: | Line 216: | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta<br><br> Video | [[Media: Promoting Application Security within Federal Government-Sarbari Gupta.ppt| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 3:05-3:10 | | width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 3:05-3:10 | ||
Line 225: | Line 225: | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy<br><br> Video | [[Media: Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00 |
Revision as of 17:37, 20 November 2009
Back to Conference Page
Training 11/10
Day 1 - Nov 10th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | Room 155 | |
09:00-12:00 | Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 1: Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
Training 11/11
Day 2 - Nov 11th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | ||
09:00-12:00 | Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 2: Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security | |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security |