This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP AppSec DC 2010 Schedule"

From OWASP
Jump to: navigation, search
Line 109: Line 109:
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | [[Media: Protecting_Federal_Government_from_Web_2.0_Application_Security_Risks_-_Sarbari_Gupta_FINAL.ppt | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | [[Media: Protecting_Federal_Government_from_Web_2.0_Application_Security_Risks_-_Sarbari_Gupta_FINAL.ppt | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | [[Media: OWASP_AppSecDC_2010_Into_the_Rabbithole.pptx | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | [[Media: OWASP_AppSecDC_2010_Into_the_Rabbithole.pptx | Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]]<br>Karen Goertzel<br><br> Video | [[Media:BoozAllen-AppSecDC2010-sw_scrm.pdf|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20  
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20  
Line 153: Line 153:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35  
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35  
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners]]<br>David Shelly, Randy Marchany & Joseph Tront<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners]]<br>David Shelly, Randy Marchany & Joseph Tront<br><br> Video | [[Media:Closing_the_Gap_AppSecDC_Shelly.ppt|Slides]]
 
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides
 
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | [[Media:AppSecDC_2010-WHID_Report-Ryan_Barnett.ppt|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30  
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30  
Line 233: Line 233:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | [[Media: Attacking_Google_Web_Toolkit.ppt | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | [[Media: Attacking_Google_Web_Toolkit.ppt | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | [[Media: SmartPhonesDumbApps_OWASPDC_20101111_Content.pdf|Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | [[Media: SmartPhonesDumbApps_OWASPDC_20101111_Content.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | [[Media:AppSecDC_2010-ModSecurityCRS_Ryan_Barnett.ppt|Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
Line 242: Line 242:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | [[Media: Threats_from_Economical_Improvement_OWASP_AppSec_2010_LR.key.zip | Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | [[Media: Threats_from_Economical_Improvement_OWASP_AppSec_2010_LR.key.zip | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | [[Media:Esapi_swingset_talk_dc.ppt|Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | [[Media: Carrot-stick-consequences-AppSecDC-2010.key.zip|Slides]]
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | [[Media: Carrot-stick-consequences-AppSecDC-2010.key.zip|Slides]]
 
|- valign="bottom"
 
|- valign="bottom"

Revision as of 01:52, 28 November 2010

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

Main Conference Page | Presentations Page | Training Page

Training 11/08

Training Day 1 - Nov 8th 2010
  149A 149B 154A 155 154B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		The Art of Exploiting SQL Injections
Sumit Siddharth, 7Safe Limited 		WebAppSec.php: Developing Secure Web Applications
Robert Zakon
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		The Art of Exploiting SQL Injections
Sumit Siddharth, 7Safe Limited 		WebAppSec.php: Developing Secure Web Applications
Robert Zakon

Training 11/09

Training Day 2 - Nov 9th 2010
  149A 149B 154A 155 154B 159B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		Java Security Overview
Zoltán Hornák, SEARCH-LAB 		Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell, Denim Group 		Threat Modeling Express
Rohit Sethi & Oliver Ng, Security Compass
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle, InGuardians 		Day 1:
Leading an AppSec Initiative
Jeff Williams, Aspect Security 		Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades, Maven Security 		Java Security Overview
Zoltán Hornák, SEARCH-LAB 		Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell, Denim Group 		Threat Modeling Express
Rohit Sethi & Oliver Ng, Security Compass

Plenary Day 1 - 11/10

Plenary Day 1 - Nov 10th 2010
  Offense (147B) Defense (147A) Metrics (145B) Government (145A)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Neal Ziring
National Security Agency
Video | Slides
10:00-10:30 OWASP Status Update
OWASP Board
Video | Slides
10:30-10:45 Coffee Break sponsored by Redspin30x120.png
10:45-11:30 Python Basics for Web App Pentesters
Justin Searle

Video | Slides 		Drive By Downloads: How To Avoid Getting A Cap Popped In Your App
Neil Daswani

Video | Slides 		Secure Code Review: Enterprise Metrics
Richard Tychansky

Video | Slides 		Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise
Joe Jarzombek & Tom Millar

Video | Slides
11:30-11:35 Break
11:35-12:20 White and Black box testing of Lotus Domino Applications
Ari Elias-bachrach and Casey Pike

Video | Slides 		Protecting Federal Government from Web 2.0 Application Security Risks
Sarbari Gupta

Video | Slides 		Measuring Security: 5 KPIs for Successful Web App Security Programs
Rafal Los

Video | Slides 		Security Risk and the Software Supply Chain
Karen Goertzel

Video | Slides
12:20-1:20 Lunch
1:20-2:05 Pen Testing with Iron
Andrew Wilson

Video | Slides 		Providing application-level assurance through DNSSEC
Suresh Krishnaswamy, Wes Hardaker and Russ Mundy

Video | Slides 		H.....t.....t....p.......p....o....s....t
Onn Chee & Tom Brennan

Video | Slides 		Understanding How They Attack Your Weaknesses: CAPEC
Sean Barnum



Making Security Measurable
Video | Slides


Understanding How They Attack Your Weaknesses
Video | Slides
2:05-2:10 Break Break
2:10-2:55 Hacking Oracle From Web Apps
Sumit Siddharth

Video | Slides 		GuardRails: A (Nearly) Painless Solution to Insecure Web Applications
Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri

Video | Slides 		Framed! Security-patching Common Web Development Frameworks - Panel
2:55-3:10 Coffee Break sponsored by SecureIdeas 30X65.png
3:10-3:55 wXf: Web Exploitation Framework
Ken Johnson and Chris Gates

Video | Slides 		The Strengths of Combining Code Review with Application Penetration Testing
Dave Wichers

Video | Slides 		Dealing with Web Application Security, Regulation Style
Andrew Weidenhamer

Video | Slides 		Ensuring Software Assurance Process Maturity
Edmund Wotring

Video | Slides
3:55-4:00 Break
4:00-4:45 Pen-Test Panel Botnet Resistant Coding: Protecting Your Users from Script Kiddies
Fabian Rothschild and Peter Greko

Video | Slides 		OWASP Broken Web Applications Project Update
Chuck Willis
Video | Slides 		People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group
Michele Moss

Video | Slides
Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation
Joshua Windsor and Joshua Pauli
Video | Slides
4:45-4:50 Break
4:50-5:35 Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners
David Shelly, Randy Marchany & Joseph Tront

Video | Slides 		Using Misuse Cases to Articulate Vulnerabilities to Stakeholders
Scott Mendenhall
Video | Slides 		Federal Perspectives on Application Security - Panel
The Web Hacking Incident Database (WHID) Report
Ryan Barnett
Video | Slides
5:30-7:30 Cocktails sponsored by Trustwave50x250.png

Plenary Day 2 - 11/11

Plenary Day 2 - Nov 11th 2010
  Offense (147B) New Frontiers (147A) OWASP (145B) Process (145A)
07:30-08:55 Registration
08:55-09:00 Day 2 Opening Remarks
09:00-10:00 Keynote: Ron Ross
National Institute of Standards and Technology
Video | Slides
10:00-10:15 Coffee Break sponsored by Trustwave30x150.png
10:15-11:00 Hacking SAP BusinessObjects
Joshua Abraham and Will Vandevanter

Video | Slides 		Cloudy with a chance of hack!
Lars Ewe

Video | Slides 		Don’t Judge a Website by its Icon – Read the Label!
Jeff Williams

Video | Slides 		Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Dan Cornell

Video | Slides
11:00-11:05 Break
11:05-11:50 Deconstructing ColdFusion
Chris Eng and Brandon Creighton

Video | Slides 		Declarative Web Security
Brandon Sterne

Video | Slides 		The Secure Coding Practices Quick Reference Guide
Keith Turpin

Video | Slides 		Code Reviewing Strategies
Andrew Wilson and John Hoopes

Video | Slides
11:50-11:55 Break
11:55-12:40 Friendly Traitor 2 Features are hot but giving up our secrets is not!
Kevin Johnson and Mike Poor

Video | Slides 		Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files
Aleksandr Yampolskiy

Video | Slides 		Open Source Web Entry Firewall
Ivan Buetler

Video | Slides 		Microsoft's Security Development Lifecycle for Agile Development
Nick Coblentz

Video | Slides
12:40-1:40 Lunch
1:40-2:25 Hacking .NET Applications at Runtime: A Dynamic Attack
Jon McCoy

Video | Slides 		Life in the Clouds: a Service Provider's View
Michael Smith

Video | Slides 		Solving Real World Problems with ESAPI
Chris Schmidt

Video | Slides 		Financial Services Panel
2:25-2:30 Break
2:30-3:15 JavaSnoop: How to hack anything written in Java
Arshan Dabirsiaghi

Video | Slides 		Social Zombies Gone Wild: Totally Exposed and Uncensored
Kevin Johnson and Tom Eston

Video | Slides 		Attack Detection and Prevention with OWASP AppSensor
Colin Watson

Video | Slides
3:15-3:30 Coffee Break sponsored by AppSecDC-2010-Syngress75x30.gif
3:30-4:15 Unlocking the Toolkit: Attacking Google Web Toolkit
Ron Gutierrez

Video | Slides 		Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications
Dan Cornell

Video | Slides 		OWASP ModSecurity Core Rule Set
Ryan Barnett

Video | Slides 		Implementing a Secure Software Development Program
Darren Death

Video | Slides
4:15-4:20 Break
4:20-5:05 Constricting the Web: Offensive Python for Web Hackers
Marcin Wielgoszewski and Nathan Hamiel

Video | Slides 		Threats from Economical Improvement
Eduardo Neves

Video | Slides 		OWASP ESAPI SwingSet
Fabio Cerullo

Video | Slides 		The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform
Benjamin Tomhave

Video | Slides
5:05-5:30 Closing Remarks/Prizes
The OWASP AppSec DC Team

Main Conference Page | Presentations Page | Training Page

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2010_Schedule&oldid=94229"