Difference between revisions of "OWASP AppSec DC 2010 Schedule"

Revision as of 01:44, 30 October 2010

Registration | Hotel | Walter E. Washington Convention Center

Main Conference Page | Presentations Page | Training Page

Training 11/08

Training Day 1 - Nov 8th 2010
	149A	149B	145A	155	154B	159A
09:00-12:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle & Mike Poor	Day 1: Leading an AppSec Initative Dave Wichers	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades	Day 1: Software Security Best Practices Ben Tomhave	WebAppSec.php: Developing Secure Web Applications Robert Zakon	The Art of Exploiting SQL Injections Sumit Siddharth
12:00-13:00	Lunch
13:00-17:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle & Mike Poor	Day 1: Leading an AppSec Initative Dave Wichers	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades	Day 1: Software Security Best Practices Ben Tomhave	WebAppSec.php: Developing Secure Web Applications Robert Zakon	The Art of Exploiting SQL Injections Sumit Siddharth

Training 11/09

Training Day 2 - Nov 9th 2010
	149A	149B	145A	155	154B	159A	159B
09:00-12:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle & Mike Poor	Day 1: Leading an AppSec Initative Dave Wichers	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades	Day 1: Software Security Best Practices Ben Tomhave	Software Security Remediation: How to Fix Application Vulnerabilities Dan Cornell	Threat Modeling Express Rohit Sethi & Krishna Raja	Java Security Overview Zoltán Hornák
12:00-13:00	Lunch
13:00-17:00	Day 1: Assessing and Exploiting Web Applications with Samurai-WTF Justin Searle & Mike Poor	Day 1: Leading an AppSec Initative Dave Wichers	Day 1: Remote Testing for Common Web Application Security Threats David Rhoades	Day 1: Software Security Best Practices Ben Tomhave	Software Security Remediation: How to Fix Application Vulnerabilities Dan Cornell	Threat Modeling Express Rohit Sethi & Krishna Raja	Java Security Overview Zoltán Hornák

Plenary Day 1 - 11/10

Plenary Day 1 - Nov 10th 2010
	Offense (147B)	Defense (147A)	Metrics (145B)	Government (145A)
07:30-08:50	Registration
08:50-09:00	Welcome and Opening Remarks
09:00-10:00	Keynote: Neal Ziring National Secuirty Agency Video \| Slides
10:00-10:30	All about OWASP OWASP Board Video \| Slides
10:30-10:45	Coffee Break sponsored by
10:45-11:30	Python Basics for Web App Pentesters Justin Searle Video \| Slides	Drive By Downloads: How To Avoid Getting A Cap Popped In Your App Neil Daswani Video \| Slides	Secure Code Review: Enterprise Metrics Richard Tychansky Video \| Slides	Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise Joe Jarzombek Video \| Slides
11:30-11:35	Break
11:35-12:20	White and Black box testing of Lotus Domino Applications Ari Elias-bachrach and Casey Pike Video \| Slides	Protecting Federal Government from Web 2.0 Application Security Risks Sarbari Gupta Video \| Slides	Measuring Security: 5 KPIs for Successful Web App Security Programs Rafal Los Video \| Slides	Security Risk and the Software Supply Chain Karen Goertzel Video \| Slides
12:20-1:20	Lunch
1:20-2:05	Pen Testing with Iron Andrew Wilson Video \| Slides	Providing application-level assurance through DNSSEC Suresh Krishnaswamy, Wes Hardaker and Russ Mundy Video \| Slides	new prezo Video \| Slides	Understanding How They Attack Your Weaknesses: CAPEC Sean Barnum Video \| Slides
2:05-2:10	Break		Break
2:10-2:55	Hacking Oracle From Web Apps Sumit Siddharth Video \| Slides	GuardRails: A (Nearly) Painless Solution to Insecure Web Applications Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri Video \| Slides	new prezo Video \| Slides
2:55-3:10	Coffee Break sponsored by
3:10-3:55	wXf: Web Exploitation Framework Ken Johnson and Chris Gates Video \| Slides]	The Strengths of Combining Code Review with Application Penetration Testing Dave Wichers Video \| Slides	Dealing with Web Application Security, Regulation Style Andrew Weidenhamer Video \| Slides	Ensuring Software Assurance Process Maturity Edmund Wotring Video \| Slides
3:55-4:00	Break
4:00-4:45	Pen-Test Panel Video \| Slides	Botnet Resistant Coding: Protecting Your Users from Script Kiddies Fabian Rothschild and Peter Greko Video \| Slides	OWASP Broken Web Applications Project Update Chuck Willis Video \| Slides	People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group Michele Moss Video \| Slides
			Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation Joshua Windsor and Joshua Pauli Video \| Slides
4:45-4:50		Break
4:50-5:35		A new approach to preventing injection attacks on the Web Application Stack Ahmed Masud Video \| Slides	Using Misuse Cases to Articulate Vulnerabilities to Stakeholders Scott Mendenhall Video\|Slides	Federal Perspectives on Application Security - Panel Video \| Slides
			The Web Hacking Incident Database (WHID) Report Ryan Barnett Video \| Slides
5:30-7:30	Cocktails sponsored by

Plenary Day 2 - 11/11

Plenary Day 2 - Nov 11th 2010
	Offense (147B)	New Frontiers (147A)	OWASP (145B)	Process (145A)
07:30-08:55	Registration
08:55-09:00	Day 2 Opening Remarks
09:00-10:00	Keynote: Ron Ross National Institute of Standards and Technology Video \| Slides
10:00-10:15	Coffee Break sponsored by
10:15-11:00	Hacking SAP BusinessObjects Joshua Abraham and Will Vandevanter Video \| Slides	Cloudy with a chance of hack! Lars Ewe Video \| Slides	Don’t Judge a Website by its GUI – Read the Label! Jeff Williams Video \| Slides	Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers Dan Cornell Video \| Slides
11:00-11:05	Break
11:05-11:50	Deconstructing ColdFusion Chris Eng and Brandon Creighton Video \| Slides	Declarative Web Security Mozilla Foundation Video \| Slides	The Secure Coding Practices Quick Reference Guide Keith Turpin Video \| Slides	Code Reviewing Strategies Andrew Wilson and John Hoopes Video \| Slides
11:50-11:55	Break
11:55-12:40	Friendly Traitor 2 Features are hot but giving up our secrets is not! Kevin Johnson and Mike Poor Video \| Slides	Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files Aleksandr Yampolskiy Video \| Slides	Open Source Web Entry Firewall Ivan Buetler Video \| Slides	Microsoft's Security Development Lifecycle for Agile Development Nick Coblentz Video \| Slides
12:40-1:40	Lunch
1:40-2:25	Hacking .NET Applications at Runtime: A Dynamic Attack Jon McCoy Video \| Slides	Life in the Clouds: a Service Provider's View Michael Smith Video \| Slides	Solving Real World Problems with ESAPI Chris Schmidt Video \| Slides	Financial Services Panel Video\|Slides
2:25-2:30	Break
2:30-3:15	JavaSnoop: How to hack anything written in Java Arshan Dabirsiaghi Video \| Slides	Social Zombies Gone Wild: Totally Exposed and Uncensored Kevin Johnson and Tom Eston Video \| Slides	Attack Detection and Prevention with OWASP AppSensor Colin Watson Video\|Slides
3:15-3:30	Coffee Break
3:30-4:15	Unlocking the Toolkit: Attacking Google Web Toolkit Ron Gutierrez Video \| Slides]	Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications Dan Cornell Video \| Slides	OWASP ModSecurity Core Rule Set Ryan Barnett Video \| Slides	Implementing a Secure Software Development Program Darren Death Video \| Slides
4:15-4:20	Break
4:20-5:05	Constricting the Web: Offensive Python for Web Hackers Marcin Wielgoszewski and Nathan Hamiel Video \| Slides	Threats from Economical Improvement Eduardo Neves Video \| Slides	OWASP ESAPI SwingSet Fabio Cerullo Video \| Slides	The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform Benjamin Tomhave Video \| Slides
5:05-5:30	Closing Remarks/Prizes The OWASP AppSec DC Team

Main Conference Page | Presentations Page | Training Page

@@ Line 115: / Line 115: @@
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | Slides
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20
@@ Line 123: / Line 123: @@
 | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3"| Federal CIO Panel <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | new prezo <br><br> Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br> Video | Slides
 |- valign="bottom"
 | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
@@ Line 133: / Line 133: @@
 | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | new prezo <br><br> Video | Slides
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10
@@ Line 142: / Line 142: @@
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> Video | Slides
 |- valign="bottom"
 | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
@@ Line 151: / Line 151: @@
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
 | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br> Video | Slides
 |- valign="bottom"
 | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides
@@ Line 161: / Line 161: @@
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
 | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video|Slides
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | Panel: [[Lessons Learned from Process Implementation and Benchmarking]]<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel<br><br> Video | Slides
 |- valign="bottom"
 | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides

Difference between revisions of "OWASP AppSec DC 2010 Schedule"

Revision as of 01:44, 30 October 2010

Training 11/08

Training 11/09

Plenary Day 1 - 11/10

Plenary Day 2 - 11/11

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools