This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2009 Schedule"
From OWASP
(→Back to Conference Page) |
Mark.bristow (talk | contribs) (→Back to Conference Page) |
||
Line 42: | Line 42: | ||
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A''' | | width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A''' | ||
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B''' | | width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B''' | ||
− | |||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00 | | width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00 | ||
Line 49: | Line 48: | ||
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon | | width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon | ||
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security] | | width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security] | ||
− | |||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00 | | width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00 | ||
− | | valign="middle" height="40" bgcolor="#909090" align="center" colspan=" | + | | valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch |
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00 | | width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00 | ||
Line 58: | Line 56: | ||
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass] | | width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass] | ||
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon | | width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon | ||
− | | width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security] | + | | width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]<!-- Day 2 --> |
− | |||
|} | |} | ||
====Talks 11/12==== | ====Talks 11/12==== | ||
Line 67: | Line 64: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | | | width="67" valign="middle" height="40" bgcolor="#7b8abd" | | ||
− | | width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP''' | + | | width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP (146A)''' |
− | | width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools''' | + | | width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools (146B)''' |
− | | width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | ''' | + | | width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Web 2.0 (146C)''' |
− | | width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | ''' | + | | width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''SDLC (152A)''' |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08: | + | | width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08:50 |
− | | valign="middle" bgcolor="# | + | | valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" bgcolor="#7b8abd" | 08: | + | | width="67" valign="middle" bgcolor="#7b8abd" | 08:50-09:00 |
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks | | valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 82: | Line 79: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30 | | width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30 | ||
− | | valign="middle" height=" | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP [[OWASP:About#Global_Board_Members| OWASP Board]] |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" bgcolor="#7b8abd" | 10:30-11:30 | + | | width="67" valign="middle" bgcolor="#7b8abd" | 10:30-10:45 |
+ | | valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]] | ||
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" bgcolor="#7b8abd" | 10:45-11:30 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height=" | + | | width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:30-12:30 |
+ | | valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch | ||
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini |
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20 | ||
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 |
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height=" | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10 |
− | | valign="middle" height=" | + | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55 |
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates | | width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan=" | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson |
− | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="4" | [[SDLC Panel AppSecDC|SDLC Panel]]<br> <br>Pravir Chandra<br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>David Rook<br>Keith Turpin | |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:55-3:00 |
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break | ||
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:00-3:45 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna | ||
− | | width="200" valign="middle" height="120" bgcolor="# | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey |
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:45-3:50 |
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break | ||
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:50-4:35 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell |
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br> | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br> | ||
Josh Abraham | Josh Abraham | ||
− | |||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:35-4:50 |
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break | ||
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:40-5:30 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies]]<br>Rafal Los |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven |
|- valign="bottom" | |- valign="bottom" | ||
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="60" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="60" bgcolor="#7b8abd" | 5:45-8:00 |
− | | valign="middle" height="60" bgcolor="# | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (151)<br>Sponsored by [[Image:AppSecDC2009-Sponsor-cenzic.gif|link=http://www.cenzic.com/]]<!-- Day 2 --> |
|} | |} | ||
====Talks 11/13==== | ====Talks 11/13==== | ||
Line 145: | Line 159: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | | | width="67" valign="middle" height="40" bgcolor="#7b8abd" | | ||
− | | width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | ''' | + | | width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Process (146A)''' |
− | | width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | ''' | + | | width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Attack & Defend (146B)''' |
− | | width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics''' | + | | width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (146C)''' |
− | | width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance''' | + | | width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (152A)''' |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" bgcolor="#7b8abd" | | + | | width="67" valign="middle" bgcolor="#7b8abd" | 8:00-9:00 |
− | | valign="middle" bgcolor="# | + | | valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration & Coffee sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]] |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" bgcolor="#7b8abd" | + | | width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45 |
− | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher | |
− | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja | |
− | |||
− | |||
− | |||
− | |||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[ | ||
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[ | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett | ||
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Ofer Shezaf | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Ofer Shezaf | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50 |
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[ | + | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[ | + | |- valign="bottom" |
+ | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35 | ||
+ | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe | ||
+ | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal | ||
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40 |
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[ | + | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[ | + | |- valign="bottom" |
+ | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25 | ||
+ | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen | ||
+ | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]]<br>Dave Wichers | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]]<br>Dave Wichers | ||
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="40" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:25-12:30 |
− | | valign="middle" height="40" bgcolor="# | + | | valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch |
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15 |
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen |
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan | ||
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan=" | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]] |
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20 | ||
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 |
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson |
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10 |
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break | ||
+ | |- valign="bottom" | ||
+ | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | TBD | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | TBD | ||
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio |
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord | ||
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan=" | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:55-3:00 |
− | | width="200" valign="middle" height=" | + | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break |
− | | width="200" valign="middle" height=" | + | |- valign="bottom" |
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan=" | + | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:00-3:45 |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan=" | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Kuai Hinojosa |
+ | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch | ||
+ | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam | ||
+ | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width=" | + | | width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:45-3:50 |
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="67" valign="middle" height="60" bgcolor="#7b8abd" | | + | | width="67" valign="middle" height="60" bgcolor="#7b8abd" | 3:50-4:00 |
− | | valign="middle" height="60" bgcolor="# | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146C) <br> Mark Bristow, Rex Booth, Doug Wilson |
|} | |} | ||
<headertabs /> | <headertabs /> |
Revision as of 00:50, 4 November 2009
Back to Conference Page
Please note, speaking times are not final, check back regularly for updates.
Training 11/10
Day 1 - Nov 10th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | Room 155 | |
09:00-12:00 | Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 1: Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
Training 11/11
Day 2 - Nov 11th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | ||
09:00-12:00 | Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 2: Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security | |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security |