This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP NYC AppSec 2008 Conference"
(→[http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008]) |
|||
(119 intermediate revisions by 12 users not shown) | |||
Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
− | = | + | == Introduction == |
− | + | This event was a great success, drawing together professionals from all around the world. Please see the agenda below for copies of the presentations and videos of all the talks!! | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Conference Description: This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<br> | <br> | ||
− | < | + | <h2>SEE BELOW FOR VIDEO AND SLIDES - [http://www.flickr.com/photos/32167431@N06/tags/2008appsecusnewyork CLICK HERE FOR PHOTOS]</h2> |
+ | <center> [http://www.linkedin.com/e/gis/36874 Join the OWASP Linked'In Group] | ||
+ | - - - | ||
+ | [https://www.owasp.org/index.php/Category:OWASP_Video For Previous OWASP Conference Video CLICK HERE]</center> | ||
<hr> | <hr> | ||
− | + | == 2008 OWASP USA, NYC Conference Schedule – FULL VIDEO 50+ Speakers see below == | |
+ | {| style="width:80%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#4058A0; color:white" | | ||
− | + | <h2>Day 1 – Sept 24th, 2008 </h2> | |
− | |||
− | |||
− | |||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: BALLROOM | | style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: BALLROOM | ||
Line 44: | Line 24: | ||
''avoid lines come early get your caffeine fix and use free wifi'' | ''avoid lines come early get your caffeine fix and use free wifi'' | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, how we got here and where we are going? | + | | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | '''OWASP Version 3.0 who we are, how we got here and where we are going?'''<br> |
− | ''OWASP Foundation: [ | + | ''OWASP Foundation: [[Contact | Jeff Williams]], [[Contact | Dinis Cruz]], [[Contact | Dave Wichers]], [[Contact | Tom Brennan]], [[Contact | Sebastien Deleersnyder]]'' <br> |
− | + | <center>{{#ev:googlevideo|-228977859802026041}}</center> <br> | |
+ | [http://www.owasp.org/images/b/b7/AppSecNYC08-Delivering_AppSec_Info.ppt Dave Wicher's Slides] / Jeff William's Slides / Dinis Cruz's Slides | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="center" | '''[[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 | Analysis of the Web Hacking Incidents Database (WHID)]]''' <br> |
− | ''[http://blog.shezaf.com Ofer Shezaf]'' | + | ''[http://blog.shezaf.com Ofer Shezaf]''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | [http://video.google.com/videoplay?docid=1130960689238372157&hl=en VIDEO] / SLIDES |
− | ''[http://joesecurity.blogspot.com Joe White]'' | + | | style="width:30%; background:#BCA57A" align="center" | |
− | | style="width:30%; background:#99FF99" align=" | + | '''[http://www.webappsecroadmap.com Web Application Security Road Map]'''<br> |
− | ''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]'' | + | ''[http://joesecurity.blogspot.com Joe White]''<br> |
+ | [http://video.google.com/videoplay?docid=-237406228011458703&hl=en VIDEO] / [https://sites.google.com/a/webappsecroadmap.com/main/announcements/owasp-appsec-2008-presentation-has-been-uploaded SLIDES] | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]'''<br> | ||
+ | ''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-6505795148329572484&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]'' | + | '''Http Bot Research'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''<br> |
− | ''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]'' | + | [http://video.google.com/videoplay?docid=1400503643786264015&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | '' [http://www.knujon.com/bios.html Garth Bruen]'' | + | '''OWASP "Google Hacking" Project'''<br> |
+ | ''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''<br> | ||
+ | [http://video.google.com/videoplay?docid=5419982525671711780&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''MalSpam Research'''<br> | ||
+ | '' [http://www.knujon.com/bios.html Garth Bruen]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-8813268235790993111&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | | + | | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Sign-Up |
''LUNCH - Provided by event sponsors @ TechExpo'' | ''LUNCH - Provided by event sponsors @ TechExpo'' | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]'' | + | '''Get Rich or Die Trying - Making Money on The Web, The Black Hat Way'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]''<br> |
− | ''[ | + | [http://video.google.com/videoplay?docid=-7209323310151363553&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]'' | + | '''Framework-level Threat Analysis: Adding Science to the Art of Source-code review'''<br> |
+ | ''[[OWASP_NYC_AppSec_2008_Conference-rohit-sethi | Rohit Sethi]] & [[OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni | Sahba Kazerooni]]''<br> | ||
+ | [http://video.google.com/videoplay?docid=8935251380629216945&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Automated Web-based Malware Behavioral Analysis'''<br> | ||
+ | ''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''<br> | ||
+ | [http://video.google.com/videoplay?docid=4204600308807371535&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]'' | + | '''[http://blogs.adobe.com/psirt/2008/09/thanks_to_jeremiah_grossman_an.html New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''<br> |
− | ''[http://www.breach.com/company/executive-team/ Ivan Ristic]'' | + | [http://video.google.com/videoplay?docid=-5747622209791380934&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]'' | + | '''Web Intrusion Detection with ModSecurity'''<br> |
− | + | ''[http://www.breach.com/company/executive-team/ Ivan Ristic]''<br> | |
+ | [http://video.google.com/videoplay?docid=-7391448618249578180&hl=en VIDEO] / [[Media:OWASP_NYC_2008-Web_Intrusion_Detection_with_ModSecurity.pdf|SLIDES]] | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Using Layer 8 and OWASP to Secure Web Applications'''<br> | ||
+ | ''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-3883297889781954509&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="center" | '''Application Security Industry Outlook Panel:'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, <br> |
− | ''[http://www.linkedin.com/in/adamboulton Adam Boulton]'' | + | [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, <br> |
− | | style="width:30%; background:#99FF99" align=" | + | [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS Americas,<br> |
− | ''[ | + | [http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant,<br> |
+ | [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, <br> | ||
+ | [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, <br> | ||
+ | Moderator: [http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-7051719323294878516&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#BCA57A" align="center" | | ||
+ | '''[http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI] '''<br> | ||
+ | ''[http://www.linkedin.com/in/adamboulton Adam Boulton]''<br> | ||
+ | [http://video.google.com/videoplay?docid=1673714450539106400&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web'''<br> | ||
+ | ''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou | Yiannis Pavlosoglou]]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-1551704659206071145&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="center" | |
− | '' [ | + | '''OWASP Testing Guide - Offensive Assessing Financial Applications'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | '' [[OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert | Daniel Cuthbert]]''<br> |
− | + | [http://video.google.com/videoplay?docid=-3228312539505217121&hl=en VIDEO] / SLIDES | |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | + | '''Flash Parameter Injection (FPI)'''<br> | |
+ | ''Ayal Yogev & Adi Sharabani''<br> | ||
+ | [http://video.google.com/videoplay?docid=7818654218575619118&hl=en VIDEO] / [http://blog.watchfire.com/FPI.ppt SLIDES] / [http://blog.watchfire.com/FPI.pdf PAPER] | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho | w3af - A Framework to own the web]]'''<br> | ||
+ | ''[http://www.bonsai-sec.com/ Andrés Riancho]''<br> | ||
+ | [http://video.google.com/videoplay?docid=4354579888802327250&hl=en VIDEO] / VIDEO | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="center" | |
− | '' [http://www.aspectsecurity.com/management.htm Jeff Williams]'' | + | '''OWASP Enterprise Security API [[ESAPI | (ESAPI) Project]]'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | '' [http://www.aspectsecurity.com/management.htm Jeff Williams]''<br> |
− | ''Alexios Fakos'' | + | [http://video.google.com/videoplay?docid=-2912157383449643073&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''[ | + | '''Cross-Site Scripting Filter Evasion'''<br> |
+ | ''Alexios Fakos''<br> | ||
+ | [http://video.google.com/videoplay?docid=-6974576754943514571&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann | Multidisciplinary Bank Attacks]]'''<br> | ||
+ | ''Gunter Ollmann''<br> | ||
+ | [http://video.google.com/videoplay?docid=3041861094296331549&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="center" | |
− | + | '''Open Discussion On Application Security'''<br> | |
− | '' [http:// | + | ''Joe Bernik & Steve Antoniewicz''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | [http://video.google.com/videoplay?docid=6718671647859572098&hl=en VIDEO] / SLIDES |
− | ''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]'' | + | | style="width:30%; background:#BCA57A" align="center" | |
− | | style="width:30%; background:#99FF99" align=" | + | '''Mastering PCI Section 6.6'''<br> |
− | + | ''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''<br> | |
+ | [http://video.google.com/videoplay?docid=-2544477786674220116&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Case Studies: Exploiting application testing tool deficiencies via "out of band" injection'''<br> | ||
+ | ''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''<br> | ||
+ | [http://video.google.com/videoplay?docid=7623989457736720764&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="center" | |
− | '' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]'' | + | '''[http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project Spearfishing and the OWASP Live CD]'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[http://www.linkedin.com/in/packetfocus Joshua Perrymon]''<br> |
− | ''[http://www.linkedin.com/in/zaunere Hans Zaunere]'' | + | [http://video.google.com/videoplay?docid=-4419524791864555496&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''[ | + | '''Phundamental Security - Coding Secure w/PHP'''<br> |
+ | ''[http://www.linkedin.com/in/zaunere Hans Zaunere]''<br> | ||
+ | [http://video.google.com/videoplay?docid=3477751371038020741&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''[[Payment_Card_Data_Security_and_the_new_Enterprise_Java | Payment Card Data Security and the new Enterprise Java]]'''<br> | ||
+ | ''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar | Dr. B. V. Kumar]] & [[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav | Mr. Abhay Bhargav]]''<br> | ||
+ | [http://video.google.com/videoplay?docid=4488848043144792234&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 19:00- | + | | style="width:10%; background:#7B8ABD" | 19:00-20:00 || style="width:30%; background:#BC857A" align="center" | |
− | | style="width:30%; background:#BCA57A" align=" | + | '''OWASP Chapter Leader / Project Leader working session'''<br> |
− | | style="width:30%; background:#99FF99" align=" | + | ''OWSAP Board/Chapter Leaders'' |
+ | | style="width:30%; background:#BCA57A" align="center" | | ||
+ | '''(ISC)2 Cocktail Hour'''<br> | ||
+ | All welcome to attend for a special announcement presented by:<br> | ||
+ | [https://www.isc2.org/cgi-bin/content.cgi?page=351 W. Hord Tipton, Executive Director of (ISC)2] | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Technology Movie Night'''<br> | ||
+ | ''[http://www.youtube.com/watch?v=LlKDkTbUFhU&feature=related Sneakers], [http://www.youtube.com/watch?v=tAcEzhQ7oqA WarGames], [http://hackersarepeopletoo.com HackersArePeopleToo], [http://www.youtube.com/watch?v=4Be-ZzcXVLw TigerTeam]'' <br> | ||
+ | from 19:00 - 23:00 | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | | + | | style="width:10%; background:#7B8ABD" | 20:00-23:00+ || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Event Party/Reception <br>Event badge required for admission <br>[[OWASP_NYC_AppSec_2008_Conference/ctf | Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.]] <br>''Location: HOTEL BALLROOM'' |
<br> | <br> | ||
|- | |- | ||
− | ! colspan="10" align="center" style="background:#4058A0; color:white" | <h2>Day 2 – Sept 25th, 2008 </h2> | + | ! colspan="10" align="center" style="background:#4058A0; color:white" | |
+ | |||
+ | <h2>Day 2 – Sept 25th, 2008 </h2> | ||
|- | |- | ||
| style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo | | style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior | + | '''Software Development and Management: The Last Security Frontier'''<br> |
− | Executive Director and member of the Board of Directors, (ISC)²'' | + | ''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | [http://video.google.com/videoplay?docid=-4023599059084294937&hl=en VIDEO] / SLIDES |
− | ''Alexander Meisel'' | + | | style="width:30%; background:#BCA57A" align="center" | |
− | | style="width:30%; background:#99FF99" align=" | + | '''[[AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls | Best Practices Guide for Web Application Firewalls]]'''<br> |
− | ''[http://www.linkedin.com/in/tommyryan Thomas Ryan]'' | + | ''Alexander Meisel''<br> |
− | + | [http://video.google.com/videoplay?docid=-2977259539412442033&hl=en VIDEO] / SLIDES | |
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis | ||
+ | '''<br> | ||
+ | ''[http://www.linkedin.com/in/tommyryan Thomas Ryan]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-442445248884665643&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''[http://1raindrop.typepad.com Gunnar Peterson]'' | + | '''OWASP Web Services Top Ten'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[http://1raindrop.typepad.com Gunnar Peterson]''<br> |
− | ''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]'' | + | [http://video.google.com/videoplay?docid=5680040858618100893&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
+ | '''[http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html Red And Tiger Team Application Security Projects]'''<br> | ||
+ | ''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-1638710543904774703&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''OpenSource Tools'''<br> | ||
+ | ''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''<br> | ||
+ | [http://video.google.com/videoplay?docid=6174945058170583976&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''Dinis Cruz'' | + | '''Building a tool for Security consultants: A story of a customized source code scanner'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''Dinis Cruz''<br> |
− | ''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]'' | + | [http://video.google.com/videoplay?docid=5269154656993046978&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]'' | + | '''"Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]'''<br> |
+ | ''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''<br> | ||
+ | [http://video.google.com/videoplay?docid=5330096815878108179&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Industry Analysis with Forrester Research'''<br> | ||
+ | ''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''<br> | ||
+ | [http://video.google.com/videoplay?docid=1391450504589087806&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="center" | |
− | + | '''Software Assurance Maturity Model (SAMM)'''<br> | |
− | | style="width:30%; background:#BCA57A" align=" | + | ''Pravir Chandra''<br> |
− | ''[http://www.owasp.org/ | + | [http://video.google.com/videoplay?docid=-7453282550277559385&hl=en VIDEO] / [https://www.owasp.org/images/2/2e/OWASP_CLASP_SAMM.ppt SLIDES] |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="CENTER" | |
− | ''[http://ouncelabs.com/company/team.asp Jack Danahy]'' | + | '''Security in Agile Development'''<br> |
+ | ''[[User:Wichers | Dave Wichers]]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-8287209466278543377&hl=en VIDEO] / [http://www.owasp.org/images/a/a3/AppSecNYC08-Agile_and_Secure.ppt SLIDES] | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Secure Software Impact'''<br> | ||
+ | ''[http://ouncelabs.com/company/team.asp Jack Danahy]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-3851913297265683210&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]'' | + | '''Next Generation Cross Site Scripting Worms '''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''<br> |
− | ''[http://www.linkedin.com/pub/6/372/45a James Landis]'' | + | [http://video.google.com/videoplay?docid=-2782535918275323123&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]'' | + | '''Security of Software-as-a-Service (SaaS)'''<br> |
+ | ''[http://www.linkedin.com/pub/6/372/45a James Landis]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-513622114181563795&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''[http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]'''<br> | ||
+ | ''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''<br> | ||
+ | [http://video.google.com/videoplay?docid=4352770935920515328&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [ | + | | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Status |
''LUNCH - Provided @ TechExpo'' | ''LUNCH - Provided @ TechExpo'' | ||
− | |||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''[ | + | '''[[NIST SAMATE Static Analysis Tool Exposition (SATE) | NIST and SAMATE Static Analysis Tool Exposition (SATE)]]'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''[[OWASP_NYC_AppSec_2008_Conference-vadim-okun | Vadim Okun]]''<br> |
− | ''[ | + | [http://video.google.com/videoplay?docid=-7567012344169452280&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''Larry Suto '' | + | '''[[User_talk:Jian | Lotus Notes/Domino Web Application Security]]'''<br> |
− | + | ''[[User_talk:Jian | Jian Hui Wang]]''<br> | |
+ | [http://video.google.com/videoplay?docid=8645149711234878540&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Shootout @ Blackbox Corral'''<br> | ||
+ | ''Larry Suto''<br> | ||
+ | [http://video.google.com/videoplay?docid=-1565567642122481539&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''John Steven'' | + | '''Practical Advanced Threat Modeling'''<br> |
− | + | ''John Steven''<br> | |
− | [ | + | [http://video.google.com/videoplay?docid=-734106766899160289&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | [http:// | + | '''[http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The OWASP Orizon Project: towards version 1.0]'''<br> |
+ | ''[[User:Thesp0nge | Paolo Perego]]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-9104434795648450379&hl=en VIDEO] / [http://www.owasp.org/index.php/Image:The_Owasp_Orizon_Project_Towards_version_1.0_v1.0.ppt#file SLIDES] | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''[[Building_Usable_Security | Building Usable Security]]'''<br> | ||
+ | ''[[Zed_Abbadi | Zed Abbadi]]''<br> | ||
+ | [http://video.google.com/videoplay?docid=8782541141810029760&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''Rohyt Belani'' | + | '''Off-shoring Application Development? Security is Still Your Problem'''<br> |
− | + | ''Rohyt Belani''<br> | |
− | ''Dinis Cruz'' | + | [http://video.google.com/videoplay?docid=1042293104444687505&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
− | ''[http://johanpeeters.com Johan Peeters]'' | + | '''[[OWASP_EU_Summit_2008 | OWASP EU Summit Portugal]]'''<br> |
+ | ''Dinis Cruz''<br> | ||
+ | [http://video.google.com/videoplay?docid=-7044581008789784268&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''A Security Architecture Case Study'''<br> | ||
+ | ''[http://johanpeeters.com Johan Peeters]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-4553372140069628300&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
− | | style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="center" | |
− | ''Erik Cabetas'' | + | '''Vulnerabilities in application interpreters and runtimes'''<br> |
− | | style="width:30%; background:#BCA57A" align=" | + | ''Erik Cabetas''<br> |
− | '' | + | [http://video.google.com/videoplay?docid=7859413573034669384&hl=en VIDEO] / SLIDES |
− | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
+ | '''Cryptography For Penetration Testers'''<br> | ||
+ | ''Chris Eng''<br> | ||
+ | [http://video.google.com/videoplay?docid=-5187022592682372937&hl=en VIDEO] / SLIDES | ||
+ | | style="width:30%; background:#99FF99" align="center" | | ||
+ | '''Memory Corruption and Buffer Overflows'''<br> | ||
+ | ''[http://www.immunitysec.com Dave Aitel]''<br> | ||
+ | [http://video.google.com/videoplay?docid=-1012125050474412771&hl=en VIDEO] / SLIDES | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles''' | | style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles''' | ||
+ | |||
+ | <center>{{#ev:googlevideo|8211027328063203438}}</center> <br> | ||
+ | [http://video.google.com/videoplay?docid=8211027328063203438&hl=en VIDEO] | ||
|- | |- | ||
− | + | | style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better! | |
|} | |} | ||
+ | <br> | ||
+ | <center><b> So did you like the content? Lets us know.. [http://www.owasp.org/index.php/Contact Contact Us] </b></center> | ||
+ | <br> | ||
− | + | == EVENT SPONSORS == | |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | <hr> | ||
+ | <center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br> | ||
+ | <br>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Platinum Sponsor] - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] - [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center><br> | ||
+ | [https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Gold, Silver, Expo & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.denimgroup.com http://www.owasp.org/images/5/56/Denimgroup.jpg] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] - | ||
+ | [http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] - | ||
+ | [http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] - | ||
+ | [http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] - | ||
+ | [http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] - [http://www.symantec.com https://www.owasp.org/images/2/26/New_Symantec_Logo.jpg] - [http://www.prevalent.net https://www.owasp.org/images/4/47/Prev_Logo_with_Tag_Line.jpg] - [http://www.mclabs.com https://www.owasp.org/images/9/91/MicroTek.jpg] - [http://www.protiviti.com https://www.owasp.org/images/c/cf/Protiviti.jpg] | ||
+ | <br> | ||
+ | <center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Sponsorship Opportunities]</center> | ||
<hr> | <hr> | ||
Line 238: | Line 350: | ||
! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350 | ! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350 | ||
|- | |- | ||
− | | style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. | + | | style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. [[:Category:OWASP_AppSec_Conference_Training#T1._Defensive_Programming_-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]] |
Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]''' | Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]''' | ||
Line 281: | Line 393: | ||
{| style="width:80%" border="0" align="center" | {| style="width:80%" border="0" align="center" | ||
− | ! align="center" style="background:#4058A0; color:white" | T8. | + | ! align="center" style="background:#4058A0; color:white" | T8. Secure Coding for .NET - 2-Days - $1350 |
|- | |- | ||
− | | style="background:#F2F2F2" | | + | | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of .NET focused content, including: |
+ | # .NET security overview, | ||
+ | # All coding examples and recommendations are specifically focused on C#.NET and/or VB.NET and IIS servers, and | ||
+ | # 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a .NET application developed for the class. Both C# and VB.NET versions of the hands on coding labs are available. | ||
− | + | [[:Category:OWASP_AppSec_Conference_Training#T8._Writing_Secure_Code_ASP.NET_-_Sep_22-23.2C_2008 | Learn More Here]] | |
+ | |||
+ | Instructor: Jerry Hoff: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] | ||
|} | |} | ||
− | |||
<h2> HOTELS / TRAVEL </h2> | <h2> HOTELS / TRAVEL </h2> | ||
− | [http://www.parkcentralny.com Park Central Hotel] | + | [http://www.parkcentralny.com Park Central Hotel] |
− | + | ||
− | |||
[http://maps.google.com/maps?near=7th+Ave+%26+W+56th+St,+New+York,+NY&geocode=&q=hotels&f=l&sll=40.766339,-73.980539&sspn=0.007654,0.02223&ie=UTF8&ll=40.764681,-73.980668&spn=0.007655,0.02223&z=16 Hotels close to the venue] | [http://maps.google.com/maps?near=7th+Ave+%26+W+56th+St,+New+York,+NY&geocode=&q=hotels&f=l&sll=40.766339,-73.980539&sspn=0.007654,0.02223&ie=UTF8&ll=40.764681,-73.980668&spn=0.007655,0.02223&z=16 Hotels close to the venue] | ||
Line 310: | Line 425: | ||
New York City local news: http://www.ny1news.com | New York City local news: http://www.ny1news.com | ||
− | |||
− | |||
− | |||
− |
Latest revision as of 16:02, 31 March 2009
Introduction
This event was a great success, drawing together professionals from all around the world. Please see the agenda below for copies of the presentations and videos of all the talks!!
Conference Description: This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, NYC ISACA, NYC ISSA and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown.
SEE BELOW FOR VIDEO AND SLIDES - CLICK HERE FOR PHOTOS
- - -
For Previous OWASP Conference Video CLICK HERE2008 OWASP USA, NYC Conference Schedule – FULL VIDEO 50+ Speakers see below
Day 1 – Sept 24th, 2008 | |||||||||
---|---|---|---|---|---|---|---|---|---|
Track 1: BALLROOM | Track 2: SKYLINE | Track 3: TIMESQUARE | |||||||
07:30-08:50 | Doors Open for Attendee/Speaker Registration
avoid lines come early get your caffeine fix and use free wifi | ||||||||
09:00-09:45 | OWASP Version 3.0 who we are, how we got here and where we are going? OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder EmbedVideo does not recognize the video service "googlevideo". Dave Wicher's Slides / Jeff William's Slides / Dinis Cruz's Slides | ||||||||
10:00-10:45 | Analysis of the Web Hacking Incidents Database (WHID) Ofer Shezaf |
DHS Software Assurance Initiatives | |||||||
11:00-11:45 |
Http Bot Research |
OWASP "Google Hacking" Project |
MalSpam Research | ||||||
12:00-13:00 | Capture the Flag Sign-Up
LUNCH - Provided by event sponsors @ TechExpo | ||||||||
12:00-12:45 |
Get Rich or Die Trying - Making Money on The Web, The Black Hat Way |
Framework-level Threat Analysis: Adding Science to the Art of Source-code review |
Automated Web-based Malware Behavioral Analysis | ||||||
13:00-13:45 |
New 0-Day Browser Exploits: Clickjacking - yea, this is bad... |
Web Intrusion Detection with ModSecurity |
Using Layer 8 and OWASP to Secure Web Applications | ||||||
14:00-14:45 | Application Security Industry Outlook Panel: Jim Routh CISO DTCC, |
Security Assessing Java RMI |
JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web | ||||||
15:00-15:45 |
OWASP Testing Guide - Offensive Assessing Financial Applications |
Flash Parameter Injection (FPI) |
w3af - A Framework to own the web | ||||||
16:00-16:45 |
OWASP Enterprise Security API (ESAPI) Project |
Cross-Site Scripting Filter Evasion |
Multidisciplinary Bank Attacks | ||||||
17:00-17:45 |
Open Discussion On Application Security |
Mastering PCI Section 6.6 |
Case Studies: Exploiting application testing tool deficiencies via "out of band" injection | ||||||
18:00-18:45 |
Spearfishing and the OWASP Live CD |
Phundamental Security - Coding Secure w/PHP |
Payment Card Data Security and the new Enterprise Java | ||||||
19:00-20:00 |
OWASP Chapter Leader / Project Leader working session |
(ISC)2 Cocktail Hour |
Technology Movie Night | ||||||
20:00-23:00+ | OWASP Event Party/Reception Event badge required for admission Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes. Location: HOTEL BALLROOM
| ||||||||
Day 2 – Sept 25th, 2008 | |||||||||
08:00-10:00 | BREAKFAST - Provided by event sponsors @ TechExpo | ||||||||
08:00-08:45 |
Software Development and Management: The Last Security Frontier |
Best Practices Guide for Web Application Firewalls |
The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
| ||||||
09:00-09:45 |
OWASP Web Services Top Ten |
Red And Tiger Team Application Security Projects |
OpenSource Tools | ||||||
10:00-10:45 |
Building a tool for Security consultants: A story of a customized source code scanner |
"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment |
Industry Analysis with Forrester Research | ||||||
11:00-11:45 |
Software Assurance Maturity Model (SAMM) |
Security in Agile Development |
Secure Software Impact | ||||||
12:00-12:45 |
Next Generation Cross Site Scripting Worms |
Security of Software-as-a-Service (SaaS) |
Open Reverse Benchmarking Project | ||||||
12:00-13:00 | Capture the Flag Status
LUNCH - Provided @ TechExpo | ||||||||
13:00-13:45 |
NIST and SAMATE Static Analysis Tool Exposition (SATE) |
Lotus Notes/Domino Web Application Security |
Shootout @ Blackbox Corral | ||||||
14:00-14:45 |
Practical Advanced Threat Modeling |
The OWASP Orizon Project: towards version 1.0 |
Building Usable Security | ||||||
15:00-15:45 |
Off-shoring Application Development? Security is Still Your Problem |
OWASP EU Summit Portugal |
A Security Architecture Case Study | ||||||
16:00-16:45 |
Vulnerabilities in application interpreters and runtimes |
Cryptography For Penetration Testers |
Memory Corruption and Buffer Overflows | ||||||
17:00-17:45 | Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles
EmbedVideo does not recognize the video service "googlevideo". | ||||||||
18:30-19:30 | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better! |
EVENT SPONSORS
Platinum Sponsor - - -
Gold, Silver, Expo & Other Sponsors - - - - - - - - - - -
- -
-
-
- - - - - -
CPE Credits
Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.
The CISM cpe policy (www.isaca.org/cismcpepolicy) states:
One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.
Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"
Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC
Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows: Training Courses: September 22-23, 2008 • 16 CPE units for 2 days of training (Monday - Tuesday) • 8 CPE units for 1 day of training (Monday or Tuesday Only) Conferences: September 24-25, 2008 Earn 1 CPE per hour of conference attendance
OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008
All classes begin at 9AM and end at 5:30PM
T1. Defensive Programming - 2-Days - $1350 |
---|
This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. Learn More Here |
T2. Secure Coding for Java EE - 2-Days - $1350 |
---|
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
|
T3. Web Services and XML Security - 2-Days - $1350 |
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here |
T4. Advanced Web Application Security Testing - 2-Days - $1350 |
Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here |
T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675 |
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here |
T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675 |
---|
Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. Learn More Here |
T8. Secure Coding for .NET - 2-Days - $1350 |
---|
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of .NET focused content, including:
|
HOTELS / TRAVEL
What is around APPSEC2008 - Area Attractions
New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html
New York City Subway & walking directions: http://www.hopstop.com/?city=newyork
New York Sights & Sounds - SightsSounds
New York City Travel Guide - http://www.nytoday.com/
New York City Attractions - http://www.nycvisit.com
New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/
New York City local news: http://www.ny1news.com