This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2009 Schedule"
From OWASP
Mark.bristow (talk | contribs) (→Back to Conference Page) |
Dallendoug (talk | contribs) (added first round of video links) |
||
(17 intermediate revisions by 4 users not shown) | |||
Line 76: | Line 76: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00 | | width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00 | ||
− | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: [[AppSecDC Keynote Jarzomnek|Joe Jarzombek]] | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: [[AppSecDC Keynote Jarzomnek|Joe Jarzombek]]<br>Video | [[Media: Keynote - Joe Jarzombek.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30 | | width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30 | ||
− | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP [[OWASP:About#Global_Board_Members| OWASP Board]] | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP [[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | [[Media:OWASP-US09 all about owasp speech and summit outcome.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-10:45 | | width="67" valign="middle" bgcolor="#7b8abd" | 10:30-10:45 | ||
Line 86: | Line 86: | ||
| width="67" valign="middle" bgcolor="#7b8abd" | 10:45-11:30 | | width="67" valign="middle" bgcolor="#7b8abd" | 10:45-11:30 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams <br><br> Video | [[Media: OWASP ESAPI-Jeff Williams.pptx| Slides]] | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams <br><br> Video | [[Media: OWASP ESAPI-Jeff Williams.pptx| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann <br><br> Video | [[Media: | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann <br><br> Video | [[Media: Clubbing WebApps with a Botnet - Gunter Ollmann.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst<br><br> Video | [[Media: Understanding the Implications of Cloud Computing on Application Security-Dennis Hurst.pdf| Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst<br><br> Video | [[Media: Understanding the Implications of Cloud Computing on Application Security-Dennis Hurst.pdf| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey <br><br> Video | [[Media: Enterprise Application Security GEs approach to solving root cause-Darren Challey.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:30-12:30 | | width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:30-12:30 | ||
Line 97: | Line 97: | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West <br><br> Video | [[Media: The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West.ppt | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West <br><br> Video | [[Media: The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West.ppt | Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger<br><br> Video | [[Media: Transparent Proxy Abuse-Robert Auger.pdf| Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger<br><br> Video | [[Media: Transparent Proxy Abuse-Robert Auger.pdf| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini<br><br> Video | [[Media: Software Development The Next Security Frontier-Jim Molini.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20 | ||
Line 114: | Line 114: | ||
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates <br><br> Video | [[Media: Defend Yourself-Integrating Real Time Defenses into Online Applications-Michael Coates.pdf| Slides]] | | width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates <br><br> Video | [[Media: Defend Yourself-Integrating Real Time Defenses into Online Applications-Michael Coates.pdf| Slides]] | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber <br><br> Video | [[Media: Finding the Hotspots Web-security testing with the Watcher tool-Chris Weber.pdf| Slides]] | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber <br><br> Video | [[Media: Finding the Hotspots Web-security testing with the Watcher tool-Chris Weber.pdf| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson<br><br> Video | [[Media: Social Zombies-Kevin Johnson Tom Eston.pdf| Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson<br><br> [http://www.vimeo.com/9037895 Video] | [[Media: Social Zombies-Kevin Johnson Tom Eston.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 2:55-3:10 | | width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 2:55-3:10 | ||
Line 120: | Line 120: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:10-3:55 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:10-3:55 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi <br><br> Video | [[Media: | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi <br><br> Video | [[Media: The ESAPI Web Application Firewall-Arshan Dabirsiaghi.pdf| Slides]] |
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna <br><br> Video | [[Media: One Click Ownage-Ferruh Mavituna.pdf| Slides]] | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna <br><br> Video | [[Media: One Click Ownage-Ferruh Mavituna.pdf| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey<br><br> Video | [[Media: | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey<br><br> [http://www.vimeo.com/8980691 Video] | [[Media: Cloudy with a chance of 0 day - Jon Rose-Tom Leavey.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk <br><br> Video | [[Media: The essential role of IR in software development-Kenneth van Wyk.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura <br><br> Video | [[Media: Web Application Security Scanner Evaluation Criteria - Brian Shura.ppt | Slides]] | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura <br><br> Video | [[Media: Web Application Security Scanner Evaluation Criteria - Brian Shura.ppt | Slides]] | ||
Line 135: | Line 135: | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis<br><br> Video | [[Media: Learning by Breaking A New Project Insecure Web Apps-Chuck Willis.ppt| Slides]] | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis<br><br> Video | [[Media: Learning by Breaking A New Project Insecure Web Apps-Chuck Willis.ppt| Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield<br><br> Video | [[Media: Attacking WCF Web Services-Brian Holyfield.pdf| Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield<br><br> Video | [[Media: Attacking WCF Web Services-Brian Holyfield.pdf| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell <br><br> Video | [[Media: | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell <br><br> Video | [[Media: Vulnerability Management in an Application Security World-Dan Cornell.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br> | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br> | ||
Line 146: | Line 146: | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner <br><br> Video | [[Media: The Entrepreneurs Guide to Career Management-Lee Kushner.pdf| Slides]] | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner <br><br> Video | [[Media: The Entrepreneurs Guide to Career Management-Lee Kushner.pdf| Slides]] | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates <br><br> Video | [[Media: Advanced SSL The good the bad and the ugly-Michael Coates.pdf| Slides]] | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates <br><br> Video | [[Media: Advanced SSL The good the bad and the ugly-Michael Coates.pdf| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX Flash and Highly Interactive Technologies]]<br>Rafal Los<br><br> Video | [[Media: When Web 2.0 Attacks - Understanding Security Implications of Highly Interactive Technologies-Rafal Los.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven <br><br> Video | [[Media: none.pdf| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco<br><br> Video | [[Media: User input piercing for Cross Site Scripting Attacks-Matias Blanco.pdf| Slides]] | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco<br><br> Video | [[Media: User input piercing for Cross Site Scripting Attacks-Matias Blanco.pdf| Slides]] | ||
Line 169: | Line 169: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45 | | width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher <br><br> Video | [[Media: none.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja <br><br> Video | [[Media: Securing the Core JEE Patterns-Rohit Sethi Krishna Raja.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett <br><br> [http://www.vimeo.com/8998992 Video] | [[Media: Web Hacking Incidents Database-Ryan Barnett.pdf | Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Amichai Shulman<br><br> Video | [[Media: Business Logic Automatons - Friend or Foe - Amichai Shulman.pptx| Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Amichai Shulman<br><br> [http://www.vimeo.com/9037171 Video] | [[Media: Business Logic Automatons - Friend or Foe - Amichai Shulman.pptx| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50 | ||
Line 178: | Line 178: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe <br><br> Video | [[Media: Scalable Application Assessments in the Enterprise-Tom Parker Lars Ewe.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> Video | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> [http://www.vimeo.com/9007894 Video] | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis <br><br> Video | [[Media: SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis <br><br> Video | [[Media: SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt| Slides]] | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 187: | Line 187: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen <br><br> Video | [[Media: none.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber<br><br> Video | [[Media: Unicode Transformations Finding Elusive Vulnerabilities-Chris Weber.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release Candidate<br>Dave Wichers <br><br> Video | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release Candidate<br>Dave Wichers <br><br> [http://www.vimeo.com/9006276 Video] | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]] |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin<br><br> Video | [[Media: Secure SDLC The Good The Bad The Ugly-Joey Peloquin.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin<br><br> Video | [[Media: Secure SDLC The Good The Bad The Ugly-Joey Peloquin.ppt| Slides]] | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 197: | Line 197: | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott<br><br> Video | [[Media: Cory Scott - Improving AppSec after an incident.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott<br><br> Video | [[Media: Cory Scott - Improving AppSec after an incident.ppt| Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen <br><br> Video | [[Media: The 10 least-likely and most dangerous people on the Internet - Robert Hansen.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan <br><br> Video | [http://www.owasp.org/images/0/06/WPstats_fall09_8th.pdf Slides] |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]] | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]] <br><br> Video |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20 | ||
Line 205: | Line 205: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo <br><br> Video | [http://www.owasp.org/images/7/72/US09-OWASP-Deploying-Apps_Seba_-_Fabio.ppt Slides] |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson <br><br> Video | [[Media: Automated vs Manual Security You can't filter The Stupid-David Byrne Charles Henderson.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> Video | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]] | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> [http://www.vimeo.com/8989378 Video] | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]] |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20 | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20 | ||
Line 213: | Line 213: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]]<br>Dinis Cruz | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]]<br>Dinis Cruz<br><br> Video | [http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf Slides] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]] | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord <br><br> Video | [[Media: The OWASP Security Spending Benchmarks Project - Dr Boaz Gelbord.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta<br><br> Video | [[Media: Promoting Application Security within Federal Government-Sarbari Gupta.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta<br><br> Video | [[Media: Promoting Application Security within Federal Government-Sarbari Gupta.ppt| Slides]] | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 222: | Line 222: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney <br><br> Video | [[Media: Custom Intrusion Detection Techniques for Monitoring Web Applications-Matthew Olney.pdf| Slides]] |
− | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch | + | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch <br><br> Video | [[Media: Manipulating Web App Interfaces - Felipe Moreno.pdf| Slides]] |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam <br><br> Video | [[Media: SANS Dshield Webhoneypot-Jason Lam.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy<br><br> Video | [[Media: Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy<br><br> Video | [[Media: Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt| Slides]] | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 231: | Line 231: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15 | | width="67" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15 | ||
− | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson<br> Video | [[Media: ClosingRemarks.pptx| Slides]] |
|} | |} | ||
<headertabs /> | <headertabs /> |
Latest revision as of 23:59, 8 February 2010
Back to Conference Page
Training 11/10
Day 1 - Nov 10th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | Room 155 | |
09:00-12:00 | Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 1: Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
Training 11/11
Day 2 - Nov 11th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | ||
09:00-12:00 | Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 2: Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security | |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security |