This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Mrb Scratchpad"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
{| cellspacing="0" border="2"
+
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Plenary Day 2 - Nov 11th 2010'''</font>
+
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Plenary Day 1 - Nov 10th 2010'''</font>
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''  
 
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''  
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (147A)'''  
+
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Defense (147A)'''  
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''OWASP (145B)'''  
+
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (145B)'''  
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (145A)'''
+
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (145A)'''
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:55
+
| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:50
 
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 08:55-09:00  
+
| width="72" valign="middle" bgcolor="#7b8abd" | 08:50-09:00  
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Day 2 Opening Remarks
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote by Ron Ross<br>National Institute of Standards and Technology
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]]<br>National Secuirty Agency<br>Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:30
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Trustwave30x150.png]]
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP<br>[[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:30-10:45
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Hacking SAP BusinessObjects<br><br>Joshua Abraham and Will Vandevanter 
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Redspin30x120.png|link=http://www.redspin.com]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Cloudy with a chance of hack!<br><br>Lars Ewe
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Dont Judge a Website by its GUI Read the Label!|Don’t Judge a Website by its GUI – Read the Label!<br><br>Jeff Williams
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers<br><br>Dan Cornell
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05
+
| width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:30
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise]]<br>Joe Jarzombek<br><br> Video | Slides
 +
|- valign="bottom"
 +
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:30-11:35
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50
+
| width="72" valign="middle" bgcolor="#7b8abd" | 11:35-12:20
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Deconstructing ColdFusion <br><br>Chris Eng and Brandon Creighton 
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Declarative Web Security<br><br>Mozilla Foundation
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | The Secure Coding Practices Quick Reference Guide<br><br>Keith Turpin
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Code Reviewing Strategies<br><br>Andrew Wilson and John Hoopes
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | Slides
 +
|- valign="bottom"
 +
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20
 +
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[H.....t.....t....p.......p....o....s....t]]<br>Onn Chee & Tom Brennan <br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Friendly Traitor 2 Features are hot but giving up our secrets is not!<br><br>Kevin Johnson and Mike Poor 
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files<br><br>Aleksandr Yampolskiy
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="1" | Break
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Open Source Web Entry Firewall<br><br>Ivan Buetler
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Microsoft's Security Development Lifecycle for Agile Development<br><br>Nick Coblentz
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | TBD <br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25
+
| width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Hacking .NET Applications at Runtime: A Dynamic Attack<br><br>Jon McCoy
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:SecureIdeas_30X65.png|link=http://www.secureideas.net]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Life in the Clouds: a Service Provider's View<br><br>Michael Smith
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Solving Real World Problems with ESAPI<br><br>Chris Schmidt 
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| Financial Services Panel
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:10-3:55
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Chris Gates<br><br> Video | Slides]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | JavaSnoop: How to hack anything written in Java<br><br>Arshan Dabirsiaghi
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Social Zombies Gone Wild: Totally Exposed and Uncensored<br><br>Kevin Johnson and Tom Eston
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Attack Detection and Prevention with OWASP AppSensor<br><br>Colin Watson
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:00-4:45
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC-2010-Syngress75x30.gif]]
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | [[Pen-Test Panel]] <br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
 +
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 3:30-4:15
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Unlocking the Toolkit: Attacking Google Web Toolkit<br><br>Ron Gutierrez
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications<br><br>Dan Cornell
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | OWASP ModSecurity Core Rule Set<br><br>Ryan Barnett
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Implementing a Secure Software Development Program<br><br>Darren Death
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:15-4:20
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Constricting the Web: Offensive Python for Web Hackers<br><br>Marcin Wielgoszewski and Nathan Hamiel
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Threats from Economical Improvement<br><br>Eduardo Neves
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | OWASP ESAPI SwingSet<br><br>Fabio Cerullo
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform<br><br>Benjamin Tomhave
+
|- valign="bottom"
 +
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30  
+
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30  
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks/Prizes<br>The OWASP AppSec DC Team<!-- Day 2 -->
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails sponsored by [[Image:Trustwave50x250.png|link=https://www.trustwave.com/‎‎]]
 +
<!-- Day 1 -->
 
|}
 
|}

Revision as of 20:04, 3 November 2010

Plenary Day 1 - Nov 10th 2010
  Offense (147B) Defense (147A) Metrics (145B) Government (145A)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Neal Ziring
National Secuirty Agency
Video | Slides
10:00-10:30 All about OWASP
OWASP Board
Video | Slides
10:30-10:45 Coffee Break sponsored by Redspin30x120.png
10:45-11:30 Python Basics for Web App Pentesters
Justin Searle

Video | Slides 		Drive By Downloads: How To Avoid Getting A Cap Popped In Your App
Neil Daswani

Video | Slides 		Secure Code Review: Enterprise Metrics
Richard Tychansky

Video | Slides 		Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise
Joe Jarzombek

Video | Slides
11:30-11:35 Break
11:35-12:20 White and Black box testing of Lotus Domino Applications
Ari Elias-bachrach and Casey Pike

Video | Slides 		Protecting Federal Government from Web 2.0 Application Security Risks
Sarbari Gupta

Video | Slides 		Measuring Security: 5 KPIs for Successful Web App Security Programs
Rafal Los

Video | Slides 		Security Risk and the Software Supply Chain
Karen Goertzel

Video | Slides
12:20-1:20 Lunch
1:20-2:05 Pen Testing with Iron
Andrew Wilson

Video | Slides 		Providing application-level assurance through DNSSEC
Suresh Krishnaswamy, Wes Hardaker and Russ Mundy

Video | Slides 		H.....t.....t....p.......p....o....s....t
Onn Chee & Tom Brennan

Video | Slides 		Understanding How They Attack Your Weaknesses: CAPEC
Sean Barnum

Video | Slides
2:05-2:10 Break Break
2:10-2:55 Hacking Oracle From Web Apps
Sumit Siddharth

Video | Slides 		GuardRails: A (Nearly) Painless Solution to Insecure Web Applications
Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri

Video | Slides 		TBD

Video | Slides
2:55-3:10 Coffee Break sponsored by SecureIdeas 30X65.png
3:10-3:55 wXf: Web Exploitation Framework
Ken Johnson and Chris Gates

Video | Slides] 		The Strengths of Combining Code Review with Application Penetration Testing
Dave Wichers

Video | Slides 		Dealing with Web Application Security, Regulation Style
Andrew Weidenhamer

Video | Slides 		Ensuring Software Assurance Process Maturity
Edmund Wotring

Video | Slides
3:55-4:00 Break
4:00-4:45 Pen-Test Panel

Video | Slides 		Botnet Resistant Coding: Protecting Your Users from Script Kiddies
Fabian Rothschild and Peter Greko

Video | Slides 		OWASP Broken Web Applications Project Update
Chuck Willis
Video | Slides 		People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group
Michele Moss

Video | Slides
Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation
Joshua Windsor and Joshua Pauli
Video | Slides
4:45-4:50 Break
4:50-5:35 A new approach to preventing injection attacks on the Web Application Stack
Ahmed Masud

Video | Slides 		Using Misuse Cases to Articulate Vulnerabilities to Stakeholders
Scott Mendenhall
Video | Slides 		Federal Perspectives on Application Security - Panel

Video | Slides
The Web Hacking Incident Database (WHID) Report
Ryan Barnett
Video | Slides
5:30-7:30 Cocktails sponsored by Trustwave50x250.png
Retrieved from "https://wiki.owasp.org/index.php?title=Mrb_Scratchpad&oldid=92308"