This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP NYC AppSec 2008 Conference/altspeaker"

From OWASP
Jump to: navigation, search
Line 24: Line 24:
  
 
<add as required>
 
<add as required>
 +
 +
== 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
 +
<center>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</center>
 +
{| style="width:80%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
 +
|-
 +
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
 +
| style="width:30%; background:#BCA57A" | Track 2:
 +
| style="width:30%; background:#7B8ABD" | Track 3:
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 08:00-09:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Badge Registration, [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 09:15-10:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Introduction, OWASP Version 3.0 where we are.. where we are going
 +
''OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 10:30-11:30 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
 +
''Robert "RSnake" Hansen CEO [http://www.sectheory.com SecTheory]''
 +
| style="width:30%; background:#BCA57A" align="left" | Offensive Assessing Financial Apps
 +
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
 +
| style="width:30%; background:#7B8ABD" align="left" | Web Intrusion Detection with ModSecurity
 +
''Ivan Ristic''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:30%; background:#BC857A" align="left" | Reverse Engineering .NET
 +
''Adam Boulton''
 +
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz] 0.1 - 1.1: [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Building a Java Fuzzer for the Web]
 +
''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou] - Senior Director - [http://www.ouncelabs.com Ounce Labs] ''
 +
| style="width:30%; background:#7B8ABD" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP LIVE CD]
 +
''Joshua Perrymon - CEO [http://www.packetfocus.com Packetfocus]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 12:30-13:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
 +
''Gunter Ollmann, Director Security Strategy, [http://www.iss.net IBM Internet Security Systems]''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP CLASP
 +
''Pravir Chandra''
 +
| style="width:30%; background:#7B8ABD" align="left" | Shootout at the Blackbox Corral
 +
''Dinis Cruz & Larry Suto''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 13:30-14:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
 +
Moderator: Mahi Dontamsetti
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af, a framework to own the web] -
 +
[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho ''Andres Riancho''], [http://www.cybsec.com/ Cybsec]
 +
 +
| style="width:30%; background:#BCA57A" align="left" | [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What's_hot_for_2008 | Trends in Web Hacking: What's hot in 2008<br/>Analysis of the Web Hacking Incidents Database (WHID)]]
 +
''[http://blog.shezaf.com Ofer Shezaf], Breach''
 +
| style="width:30%; background:#7B8ABD" align="left" | Security in Agile Development
 +
''Dave Wichers, COO [http://www.aspectsecurity.com Aspect Security]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 15:30-16:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/ESAPI OWASP Enterprise Security API (ESAPI) Project]
 +
''Jeff Williams, CEO [http://www.aspectsecurity.com Aspect Security]''
 +
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
 +
''Arshan Dabirsiaghi, Director of Research [http://www.aspectsecurity.com Aspect Security]''
 +
| style="width:30%; background:#7B8ABD" align="left" | "Threading the Needle:
 +
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks."
 +
''Arian Evans, Director of Operations [http://www.whitehatsec.com WhiteHat Security]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || style="width:30%; background:#BC857A" align="left" | Shhhh Don’t Tell Anybody
 +
''Petko D. Petkov, a.k.a. pdp''
 +
| style="width:30%; background:#BCA57A" align="left" | Secure PHP
 +
''Hans Zaunere, CEO [http://www.nyphp.com NYCPHP]''
 +
| style="width:30%; background:#7B8ABD" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
 +
''[http://www.owasp.org/index.php/Dr_BV_Kumar_and_Mr_Abhay_Bhargav Dr. B. V. Kumar & Mr. Abhay Bhargav] ''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 17:30-18:30 || style="width:30%; background:#BC857A" align="left" | Notes Security
 +
''Jian Hui Wang''
 +
| style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
 +
''Taylor McKinley and Jacob West''
 +
| style="width:30%; background:#7B8ABD" align="left" | AppSec Techniques
 +
''JD Glaser, CEO [http://www.ntobjectives.com/company/management.php NTO Objectives]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Capture the Flag - [http://isis.poly.edu/projects Polytechnic University] & OWASP Chapter Leader Meeting - '''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 20:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | ''' Speaker/Attendee Reception'''
 +
|-
 +
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 8:00-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Breakfast @ Tech-Expo
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 0900-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | [http://www.aeispeakers.com/speakerbio.php?SpeakerID=1192 Prof. Howard A. Schmidt, CISSP, CISM (Hon.)] |
 +
Current (ISC)² Security Strategist and Former White House Cyber Security Advisor
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 10:00-11:00 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
 +
''John Steven''
 +
| style="width:30%; background:#BCA57A" align="left" | [http://reversebenchmarking.com Open Reverse Benchmarking Project]
 +
''Marce Luck & Tom Stracener''
 +
| style="width:30%; background:#7B8ABD" align="left" | Building Usable Security
 +
''Zed Abbadi''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 11:00-12:00 || style="width:30%; background:#BC857A" align="left" | Offshoring Application Development? Security is Still Your Problem
 +
''Rohyt Belani''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP Orizon Project
 +
''Paolo Perego''
 +
| style="width:30%; background:#7B8ABD" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
 +
''Vadim Okun''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
 +
''[http://www.expresscertifications.com/company/execmgt.aspx Mano Paul] CEO [http://www.expresscertifications.com Express Certifications]''
 +
| style="width:30%; background:#BCA57A" align="left" | Software Liability
 +
''Jack Danahy''
 +
| style="width:30%; background:#7B8ABD" align="left" | Cross-Site Scripting Filter Evasion
 +
''Alexios Fakos''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 13:00-14:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Projects "Dinis Cruz & OWASP Project Leaders"
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 14:00-15:00 || style="width:30%; background:#BC857A" align="left" | Projects with OWASP
 +
''Steve Malson''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP Pantera Advances
 +
''Simon Roses Femerling''
 +
| style="width:30%; background:#7B8ABD" align="left" | Software-as-a-Service (SaaS)
 +
''James Landis''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 15:00-16:00 || style="width:30%; background:#BC857A" align="left" | "Out of Band" Injection
 +
''Vijay Akasapu & Marshall Heilman''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
 +
''Christian Heinrich''
 +
| style="width:30%; background:#7B8ABD" align="left" | Caution, Java ahead
 +
''Jeremiah Grossman CTO [http://www.whitehatsec.com WhiteHat Security]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 16:00-17:00 || style="width:30%; background:#BC857A" align="left" | [[Input validation: the Good, the Bad and the Ugly]]
 +
''[[Johan Peeters]]''
 +
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
 +
''Ayal Yogev & Yuval Baror''
 +
| style="width:30%; background:#7B8ABD" align="left" | Learning the .Net Debugging API
 +
''Kevin Spett''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:30%; background:#BC857A" align="left" | Secure System Development Life Cycle (SSDLC) Methodology for SOA
 +
''Ken Huang''
 +
| style="width:30%; background:#BCA57A" align="left" |  Web Security Education using Open Source Tools
 +
''Prof. Li-Chiou Chen & Chienitng Lin''
 +
| style="width:30%; background:#7B8ABD" align="left" | Friend or Foe: Penetration Testing VS Source Code Analysis
 +
''Tom Ryan''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Closing Remarks / CTF Awards / Raffles'''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 21:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Farewell dinner.. Go secure the world'''
 +
|}

Revision as of 14:25, 3 July 2008

 Alternative Speaker Wiki Submission
 The below is a list of speaker names, bios and abstracts for the 2008 event

(These are in no order)


1. Joe White - PCI

2. Joe J (DHS) - ?

3. Kenneth R. van Wyk - ?

4. Andy Steingruebl - Paypal

5. Blake Cornell - XSS/MITM

6. Andre M. DiMino Shadowserver Research

7. Garth Bruen knujon Research

8. David Stern, NYC using OWASP NYC

9.

<add as required>

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th

OWASP Speaker Agreement
Day 1 – Sept 24th, 2008
Track 1: Track 2: Track 3:
08:00-09:30 Doors Open for Badge Registration, Capture the Flag Sign-Up & Exhibit/Sponsor Area
09:15-10:15 Introduction, OWASP Version 3.0 where we are.. where we are going

OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers

10:30-11:30 Logic Attacks and Inefficiencies of Robotic Detection

Robert "RSnake" Hansen CEO SecTheory

Offensive Assessing Financial Apps

Daniel Cuthbert

Web Intrusion Detection with ModSecurity

Ivan Ristic

11:30-12:30 Reverse Engineering .NET

Adam Boulton

JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web

Yiannis Pavlosoglou - Senior Director - Ounce Labs

OWASP LIVE CD

Joshua Perrymon - CEO Packetfocus

12:30-13:30 Multidisciplinary Bank Attacks

Gunter Ollmann, Director Security Strategy, IBM Internet Security Systems

OWASP CLASP

Pravir Chandra

Shootout at the Blackbox Corral

Dinis Cruz & Larry Suto

13:30-14:30 Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs

Moderator: Mahi Dontamsetti

14:30-15:30 w3af, a framework to own the web -

Andres Riancho, Cybsec

Trends in Web Hacking: What's hot in 2008
Analysis of the Web Hacking Incidents Database (WHID)

Ofer Shezaf, Breach

Security in Agile Development

Dave Wichers, COO Aspect Security

15:30-16:30 OWASP Enterprise Security API (ESAPI) Project

Jeff Williams, CEO Aspect Security

Next Generation Cross Site Scripting Worms

Arshan Dabirsiaghi, Director of Research Aspect Security

"Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks." Arian Evans, Director of Operations WhiteHat Security

16:30-17:30 Shhhh Don’t Tell Anybody

Petko D. Petkov, a.k.a. pdp

Secure PHP

Hans Zaunere, CEO NYCPHP

Payment Card Data Security and the new Enterprise Java

Dr. B. V. Kumar & Mr. Abhay Bhargav

17:30-18:30 Notes Security

Jian Hui Wang

Mastering PCI Section 6.6

Taylor McKinley and Jacob West

AppSec Techniques

JD Glaser, CEO NTO Objectives

18:30 Capture the Flag - Polytechnic University & OWASP Chapter Leader Meeting -
20:00 Speaker/Attendee Reception
Day 2 – Sept 25th, 2008
8:00-10:00 Breakfast @ Tech-Expo
0900-10:00 Prof. Howard A. Schmidt, CISSP, CISM (Hon.) |

Current (ISC)² Security Strategist and Former White House Cyber Security Advisor

10:00-11:00 Practical Advanced Threat Modeling

John Steven

Open Reverse Benchmarking Project

Marce Luck & Tom Stracener

Building Usable Security

Zed Abbadi

11:00-12:00 Offshoring Application Development? Security is Still Your Problem

Rohyt Belani

OWASP Orizon Project

Paolo Perego

NIST SAMATE Static Analysis Tool Exposition (SATE)

Vadim Okun

12:00-13:00 Wild Wild Web on Security Planet

Mano Paul CEO Express Certifications

Software Liability

Jack Danahy

Cross-Site Scripting Filter Evasion

Alexios Fakos

13:00-14:00 OWASP Projects "Dinis Cruz & OWASP Project Leaders"
14:00-15:00 Projects with OWASP

Steve Malson

OWASP Pantera Advances

Simon Roses Femerling

Software-as-a-Service (SaaS)

James Landis

15:00-16:00 "Out of Band" Injection

Vijay Akasapu & Marshall Heilman

OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth

Christian Heinrich

Caution, Java ahead

Jeremiah Grossman CTO WhiteHat Security

16:00-17:00 Input validation: the Good, the Bad and the Ugly

Johan Peeters

Flash Parameter Injection (FPI)

Ayal Yogev & Yuval Baror

Learning the .Net Debugging API

Kevin Spett

17:00-18:00 Secure System Development Life Cycle (SSDLC) Methodology for SOA

Ken Huang

Web Security Education using Open Source Tools

Prof. Li-Chiou Chen & Chienitng Lin

Friend or Foe: Penetration Testing VS Source Code Analysis

Tom Ryan

18:30 Closing Remarks / CTF Awards / Raffles
21:00 Farewell dinner.. Go secure the world
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_NYC_AppSec_2008_Conference/altspeaker&oldid=33306"