Difference between revisions of "Mrb Scratchpad"

Revision as of 20:09, 3 November 2010

Plenary Day 1 - Nov 10th 2010
	Offense (147B)	Defense (147A)	Metrics (145B)	Government (145A)
07:30-08:50	Registration
08:50-09:00	Welcome and Opening Remarks
09:00-10:00	Keynote by Neal Ziring National Security Agency
10:00-10:30	All about OWASP OWASP Board
10:30-10:45	Coffee Break sponsored by
10:45-11:30	Python Basics for Web App Pentesters Justin Searle	Drive By Downloads: How To Avoid Getting A Cap Popped In Your App Neil Daswani	Secure Code Review: Enterprise Metrics Richard Tychansky	Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise Joe Jarzombek
11:30-11:35	Break
11:35-12:20	White and Black box testing of Lotus Domino Applications Ari Elias-bachrach and Casey Pike	Protecting Federal Government from Web 2.0 Application Security Risks Sarbari Gupta	Measuring Security: 5 KPIs for Successful Web App Security Programs Rafal Los	Security Risk and the Software Supply Chain Karen Goertzel
12:20-1:20	Lunch
1:20-2:05	Pen Testing with Iron Andrew Wilson	Providing application-level assurance through DNSSEC Suresh Krishnaswamy, Wes Hardaker and Russ Mundy	H.....t.....t....p.......p....o....s....t Onn Chee & Tom Brennan	Understanding How They Attack Your Weaknesses: CAPEC Sean Barnum
2:05-2:10	Break		Break
2:10-2:55	Hacking Oracle From Web Apps Sumit Siddharth	GuardRails: A Nearly Painless Solution to Insecure Web Applications\|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri	Securing Frameworks Panel
2:55-3:10	Coffee Break sponsored by
3:10-3:55	wXf: Web Exploitation Framework Ken Johnson and Chris Gates ]	The Strengths of Combining Code Review with Application Penetration Testing Dave Wichers	Dealing with Web Application Security, Regulation Style Andrew Weidenhamer	Ensuring Software Assurance Process Maturity Edmund Wotring
3:55-4:00	Break
4:00-4:45	Pen-Test Panel	Botnet Resistant Coding: Protecting Your Users from Script Kiddies Fabian Rothschild and Peter Greko	OWASP Broken Web Applications Project Update Chuck Willis	People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group Michele Moss
			Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation Joshua Windsor and Joshua Pauli
4:45-4:50		Break
4:50-5:35		A new approach to preventing injection attacks on the Web Application Stack Ahmed Masud	Using Misuse Cases to Articulate Vulnerabilities to Stakeholders Scott Mendenhall	Federal Perspectives on Application Security - Panel
			The Web Hacking Incident Database (WHID) Report Ryan Barnett
5:30-7:30	Cocktails sponsored by

@@ Line 16: / Line 16: @@
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]]<br>National Secuirty Agency<br>Video | Slides
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote by Neal Ziring<br>National Security Agency
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:30
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP<br>[[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | Slides
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP<br>OWASP Board
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 10:30-10:45
-| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Redspin30x120.png|link=http://www.redspin.com]]
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Redspin30x120.png]]
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:30
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Python Basics for Web App Pentesters<br><br>Justin Searle
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Drive By Downloads: How To Avoid Getting A Cap Popped In Your App<br><br>Neil Daswani
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Secure Code Review: Enterprise Metrics<br><br>Richard Tychansky
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise]]<br>Joe Jarzombek<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise<br><br>Joe Jarzombek
 |- valign="bottom"
 | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:30-11:35
@@ Line 34: / Line 34: @@
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 11:35-12:20
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | White and Black box testing of Lotus Domino Applications<br><br>Ari Elias-bachrach and Casey Pike
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Protecting Federal Government from Web 2.0 Application Security Risks<br><br>Sarbari Gupta
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Measuring Security: 5 KPIs for Successful Web App Security Programs<br><br>Rafal Los
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Security Risk and the Software Supply Chain<br><br>Karen Goertzel
 |- valign="bottom"
 | width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20
@@ Line 43: / Line 43: @@
 |- valign="bottom"
 | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Pen Testing with Iron<br><br>Andrew Wilson
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Providing application-level assurance through DNSSEC<br><br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[H.....t.....t....p.......p....o....s....t]]<br>Onn Chee & Tom Brennan <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | H.....t.....t....p.......p....o....s....t<br><br>Onn Chee & Tom Brennan
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]]<br>Sean Barnum<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| Understanding How They Attack Your Weaknesses: CAPEC<br><br>Sean Barnum
 |- valign="bottom"
 | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
@@ Line 53: / Line 53: @@
 |- valign="bottom"
 | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Hacking Oracle From Web Apps<br><br>Sumit Siddharth
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications<br><br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Securing Frameworks Panel <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Securing Frameworks Panel
 |- valign="bottom"
 | width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10
-| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:SecureIdeas_30X65.png|link=http://www.secureideas.net]]
+| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:SecureIdeas_30X65.png]]
 |- valign="bottom"
 | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:10-3:55
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Chris Gates<br><br> Video | Slides]
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | wXf: Web Exploitation Framework<br><br>Ken Johnson and Chris Gates ]
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | The Strengths of Combining Code Review with Application Penetration Testing<br><br>Dave Wichers
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Dealing with Web Application Security, Regulation Style<br><br>Andrew Weidenhamer
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]]<br>Edmund Wotring<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Ensuring Software Assurance Process Maturity<br><br>Edmund Wotring
 |- valign="bottom"
 | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
@@ Line 70: / Line 70: @@
 |- valign="bottom"
 | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:00-4:45
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | [[Pen-Test Panel]] <br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | Pen-Test Panel
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | Botnet Resistant Coding: Protecting Your Users from Script Kiddies<br><br>Fabian Rothschild and Peter Greko
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | OWASP Broken Web Applications Project Update<br><br>Chuck Willis<br><br>
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]]<br>Michele Moss<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group<br><br>Michele Moss
 |- valign="bottom"
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation<br><br>Joshua Windsor and Joshua Pauli<br><br>
 |- valign="bottom"
 | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
@@ Line 81: / Line 81: @@
 |- valign="bottom"
 | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | A new approach to preventing injection attacks on the Web Application Stack<br><br>Ahmed Masud
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | Using Misuse Cases to Articulate Vulnerabilities to Stakeholders<br><br>Scott Mendenhall<br><br>
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel<br><br> Video | Slides
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | Federal Perspectives on Application Security - Panel
 |- valign="bottom"
-| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides
+| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | The Web Hacking Incident Database (WHID) Report<br><br>Ryan Barnett<br><br>
 |- valign="bottom"
 | width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30
-| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails sponsored by [[Image:Trustwave50x250.png|link=https://www.trustwave.com/‎‎]]
+| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails sponsored by [[Image:Trustwave50x250.png]]
 <!-- Day 1 -->
 |}

Difference between revisions of "Mrb Scratchpad"

Revision as of 20:09, 3 November 2010

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools