Difference between revisions of "MRB Scratchpad"

Revision as of 21:10, 22 September 2010

Registration | Hotel | Walter E. Washington Convention Center

Back to Conference Page

Training 11/08

Traning Day 1 - Nov 8th 2010
	Room TBD	Room TBD	Room TBD	Room TBD	Room TBD
09:00-12:00	Day 1: Class Instructor	Day 1: Class Instructor	Class Instructor	Class Instructor	Class Instructor
12:00-13:00	Lunch
13:00-17:00	Class Instructor	Class Instructor	Class Instructor	Class Instructor	Class Instructor

Training 11/09

Training Day 2 - Nov 9th 2010
	Room TBD	Room TBD	Room TBD	Room TBD	Room TBD
09:00-12:00	Day 2: Class Instructor	Day 2: Class Instructor	Class Instructor	Class Instructor	Class Instructor
12:00-13:00	Lunch
13:00-17:00	Class Instructor	Class Instructor	Class Instructor	Class Instructor	Class Instructor

Plenary 11/10

Plenary Day 1 - Nov 10th 2010
	Offense (TBD)	Defense (TBD)	OWASP (TBD)	Government (TBD)
07:30-08:50	Registration
08:50-09:00	Welcome and Opening Remarks
09:00-10:00	Keynote: Neal Ziring National Secuirty Agency Video \| Slides
10:00-10:30	All about OWASP OWASP Board Video \| Slides
10:30-10:45	Coffee Break
10:45-11:35	Python Basics for Web App Pentesters Justin Searle Video \| Slides	Drive By Downloads: How To Avoid Getting A Cap Popped In Your App Neil Daswani Video \| Slides	Don’t Judge a Website by its GUI – Read the Label! Jeff Williams Video \| Slides	Hosted by DHS, DoD, NIST and NSA Video \| Slides
11:35-11:45	Break
11:45-12:35	White and Black box testing of Lotus Domino Applications Ari Elias-bachrach and Casey Pike Video \| Slides	Protecting Federal Government from Web 2.0 Application Security Risks Sarbari Gupta Video \| Slides	The Secure Coding Practices Quick Reference Guide Keith Turpin Video \| Slides	Hosted by DHS, DoD, NIST and NSA Video \| Slides
12:35-1:35	Lunch
1:35-2:25	Pen Testing with Iron Andrew Wilson Video \| Slides	Providing application-level assurance through DNSSEC Suresh Krishnaswamy, Wes Hardaker and Russ Mundy Video \| Slides	OWASP ESAPI SwingSet Fabio Cerullo Video \| Slides	Hosted by DHS, DoD, NIST and NSA Video \| Slides
2:25-2:35	Break
2:35-3:25	Hacking Oracle From Web Apps Sumit Siddharth Video \| Slides	GuardRails: A (Nearly) Painless Solution to Insecure Web Applications Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri Video \| Slides	Solving Real World Problems with ESAPI Chris Schmidt Video \| Slides	Hosted by DHS, DoD, NIST and NSA Video \| Slides
3:25-3:40	Coffee Break
3:40-4:30	wXf: Web Exploitation Framework Ken Johnson and Seth Law Video \| Slides]	The Strengths of Combining Code Review with Application Penetration Testing Dave Wichers Video \| Slides	OWASP ModSecurity Core Rule Set Ryan Barnett Video \| Slides	Hosted by DHS, DoD, NIST and NSA Video \| Slides
4:30-4:40	Break
4:40-5:30	Pen-Test Panel Video \| Slides	Botnet Resistant Coding: Protecting Your Users from Script Kiddies Fabian Rothschild and Peter Greko Video \| Slides	Attack Detection and Prevention with OWASP AppSensor Colin Watson Video\|Slides	Hosted by DHS, DoD, NIST and NSA Video \| Slides
5:30-5:40		Break
5:40-6:30		A new approach to preventing injection attacks on the Web Application Stack Ahmed Masud Video \| Slides	Open Source Web Entry Firewall Ivan Buetler Video \| Slides	Hosted by DHS, DoD, NIST and NSA Video \| Slides
6:30-8:30	Cocktails and hors d'oeuvres in the EXPO Room (TBD)

Plenary 11/11

Plenary Day 2 - Nov 11th 2010
	Offense (TBD)	New Frontiers (TBD)	Metrics (TBD)	Process (TBD)
07:30-08:55	Registration
08:55-09:00	Day 2 Opening Remarks
09:00-10:00	Keynote: Ron Ross National Institute of Standards and Technology Video \| Slides
10:00-10:15	Coffee Break
10:15-11:05	Hacking SAP BusinessObjects Joshua Abraham and Will Vandevanter Video \| Slides	Cloudy with a chance of hack! Lars Ewe Video \| Slides	Secure Code Review: Enterprise Metrics Richard Tychansky Video \| Slides	Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers Dan Cornell Video \| Slides
11:05-11:15	Break
11:15-12:05	Deconstructing ColdFusion Chris Eng and Brandon Creighton Video \| Slides	Declarative Web Security Mozilla Foundation Video \| Slides	Federal CIO Panel Video \| Slides	Implementing a Secure Software Development Program Darren Death Video \| Slides
12:05-12:15	Break			Break
12:15-1:05	Friendly Traitor 2: Features are hot, but giving up our secrets is not! Kevin Johnson and Mike Poor Video \| Slides	Exploiting the media for fun and profit Aleksandr Yampolskiy Video \| Slides		Microsoft's Security Development Lifecycle for Agile Development Nick Coblentz Video \| Slides
1:05-2:05	Lunch
2:05-2:55	JavaSnoop: How to hack anything written in Java Arshan Dabirsiaghi Video \| Slides	Life in the Clouds: a Service Provider's View Michael Smith Video \| Slides	Measuring Security: 5 KPIs for Successful Web App Security Programs Rafal Los Video \| Slides	Financial ServicesPanel Video\|Slides
2:55-3:05	Break
3:05-3:55	Hacking .NET Applications at Runtime: A Dynamic Attack John McCoy Video \| Slides	Social Zombies Gone Wild: Totally Exposed and Uncensored Kevin Johnson and Tom Eston Video \| Slides	Dealing with Web Application Security, Regulation Style Andrew Weidenhamer Video \| Slides
3:55-4:10	Coffee Break
4:10-5:00	Unlocking the Toolkit: Attacking Google Web Toolkit Ron Gutierrez Video \| Slides]	Smart Phones with Dumb Apps: Threat Modeling for Mobile Application Dan Cornell Video \| Slides	OWASP Broken Web Applications Project Update Chuck Willis Video \| Slides	Code Auditing Strategies Andrew Wilson and John Hoopes Video \| Slides
			Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation Joshua Windsor and Joshua Pauli Video \| Slides
5:00-5:10	Break
5:10-6:00	Constricting the Web: Offensive Python for Web Hackers Marcin Wielgoszewski and Nathan Hamiel Video \| Slides	Threats from Economical Improvement Eduardo Neves Video \| Slides	Using Misuse Cases to Articulate Vulnerabilities to Stakeholders Scott Mendenhall Video\|Slides	The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform Benjamin Tomhave Video \| Slides
			The Web Hacking Incident Database (WHID) Report Ryan Barnett Video \| Slides
6:00-6:30	Closing Remarks/Prizes The OWASP AppSec DC Team

Back to Conference Page

@@ Line 161: / Line 161: @@
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
-| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Process (146A)'''
+| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (TBD)'''
-| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Attack &amp; Defend (146B)'''
+| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (TBD)'''
-| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (146C)'''
+| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (TBD)'''
-| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (152A)'''
+| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (TBD)'''
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" | 8:00-9:00
+| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:55
-| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration & Coffee sponsored by
+| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
-[[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
 |- valign="bottom"
-| width="72" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45
+| width="72" valign="middle" bgcolor="#7b8abd" | 08:55-09:00
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Day 2 Opening Remarks
-<br><br> Video | [[Media: none.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja <br><br> Video |
-[[Media: Securing the Core JEE Patterns-Rohit Sethi Krishna Raja.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett <br><br>
-[http://www.vimeo.com/8998992 Video] | [[Media: Web Hacking Incidents Database-Ryan Barnett.pdf | Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Amichai Shulman<br><br>
-[http://www.vimeo.com/9037171 Video] | [[Media: Business Logic Automatons - Friend or Foe - Amichai Shulman.pptx| Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50
+| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]]<br>National Institute of Standards and Technology<br>Video | Slides
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35
+| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
-<br><br> Video | [[Media: Scalable Application Assessments in the Enterprise-Tom Parker Lars Ewe.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br>
-Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the
-vulnerabilities]]<br>Chris Wysopal <br><br> [http://www.vimeo.com/9007894 Video] | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed
-Bellis <br><br> Video | [[Media: SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt| Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40
+| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:05
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br> Video | Slides
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:05-11:15
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen <br><br>
+| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
-Video | [[Media: none.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris
-Weber<br><br> Video | [[Media: Unicode Transformations Finding Elusive Vulnerabilities-Chris Weber.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release
-Candidate<br>Dave Wichers <br><br> [http://www.vimeo.com/9006276 Video] | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin<br><br> Video
-| [[Media: Secure SDLC The Good The Bad The Ugly-Joey Peloquin.ppt| Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 11:25-12:30
+| width="72" valign="middle" bgcolor="#7b8abd" | 11:15-12:05
-| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Mozilla Foundation<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3" | Federal CIO Panel <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 12:05-12:15
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott<br><br>
+| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
+| valign="middle" height="5" bgcolor="#e0e0e0" align="center" | Break
-Video | [[Media: Cory Scott - Improving AppSec after an incident.ppt| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert
-Hansen <br><br> Video | [[Media: The 10 least-likely and most dangerous people on the Internet - Robert Hansen.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan <br><br> Video |
-[http://www.owasp.org/images/0/06/WPstats_fall09_8th.pdf Slides]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]] <br><br> Video
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
+| width="72" valign="middle" bgcolor="#7b8abd" | 12:15-1:05
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2: Features are hot, but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit]]<br>Aleksandr Yampolskiy<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br> Video | Slides
+|- valign="bottom"
+| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 1:05-2:05
+| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
+|- valign="bottom"
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:05-2:55
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| Financial ServicesPanel<br><br>Video|Slides
+|- valign="bottom"
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:55-3:05
 | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:05-3:55
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>John McCoy<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br> Video | Slides
-Deleersnyder / Fabio Cerullo <br><br> Video | [http://www.owasp.org/images/7/72/US09-OWASP-Deploying-Apps_Seba_-_Fabio.ppt Slides]
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David
+|- valign="bottom"
+| width="72" valign="middle" bgcolor="#7b8abd" | 3:55-4:10
-Byrne/Charles Henderson <br><br> Video | [[Media: Automated vs Manual Security You can't filter The Stupid-David Byrne Charles Henderson.pdf| Slides]]
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith
-Turpin<br><br> [http://www.vimeo.com/8989378 Video] | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:10-5:00
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Coffee break sponsored by
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | Slides]
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Application]]<br>Dan Cornell<br><br> Video | Slides
-[[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Code Auditing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | Slides
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating
-application security knowledge and workflows]]<br>Dinis Cruz<br><br> Video |
-[http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf Slides]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and
-Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf |
-Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord <br><br>
-Video | [[Media: The OWASP Security Spending Benchmarks Project - Dr Boaz Gelbord.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari
-Gupta<br><br> Video | [[Media: Promoting Application Security within Federal Government-Sarbari Gupta.ppt| Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 3:05-3:10
+| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:00-5:10
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
+| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55
+| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 5:10-6:00
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | Slides
-Applications]]<br>Matthew Olney <br><br> Video | [[Media: Custom Intrusion Detection Techniques for Monitoring Web Applications-Matthew Olney.pdf| Slides]]
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video|Slides
-| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | Slides
-validation]]<br>Felipe Moreno-Strauch <br><br> Video | [[Media: Manipulating Web App Interfaces - Felipe Moreno.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam <br><br> Video |
-[[Media: SANS Dshield Webhoneypot-Jason Lam.pdf| Slides]]
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web
-Services]]<br>Mamoon Yunus/Jason Macy<br><br> Video | [[Media: Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt| Slides]]
 |- valign="bottom"
-| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides
-| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 |- valign="bottom"
-| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15
+| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-6:30
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson<br> Video |
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks/Prizes<br>The OWASP AppSec DC Team<!-- Day 2 -->
-[[Media: ClosingRemarks.pptx| Slides]]
 |}
 <headertabs />

Difference between revisions of "MRB Scratchpad"

Revision as of 21:10, 22 September 2010

Back to Conference Page

Training 11/08

Training 11/09

Plenary 11/10

Plenary 11/11

Back to Conference Page

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools