Difference between revisions of "Mrb Scratchpad"

Revision as of 05:34, 3 November 2009

Back to Conference Page

Please note, speaking times are not final, check back regularly for updates.

Training 11/10

Day 1 - Nov 10th 2009
	Room 154A	Room 149B	Room 149A	Room 154B	Room 155
09:00-12:00	Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Day 1: Java EE Secure Code Review Sahba Kazerooni Security Compass	Threat Modeling Express Krishna Raja Security Compass	Foundations of Web Services and XML Security Dave Wichers Aspect Security	Live CD Matt Tesauro
12:00-13:00	Lunch
13:00-17:00	Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Java EE Secure Code Review Sahba Kazerooni Security Compass	Threat Modeling Express Krishna Raja Security Compass	Foundations of Web Services and XML Security Dave Wichers Aspect Security	Live CD Matt Tesauro

Training 11/11

Day 2 - Nov 11th 2009
	Room 154A	Room 149B	Room 149A	Room 154B
09:00-12:00	Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Day 2: Java EE Secure Code Review Sahba Kazerooni Security Compass	WebAppSec.php: Developing Secure Web Applications Robert Zakon	Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security
12:00-13:00	Lunch
13:00-17:00	Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Java EE Secure Code Review Sahba Kazerooni Security Compass	WebAppSec.php: Developing Secure Web Applications Robert Zakon	Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security

Talks 11/12

Day 1 - Nov 12th 2009
	OWASP (146A)	Tools (146B)	Web 2.0 (146C)	SDLC (152A)
07:30-08:50	Registration
08:50-09:00	Welcome and Opening Remarks
09:00-10:00	Keynote: Joe Jarzombek
10:00-10:30	All about OWASP OWASP Board
10:30-10:45	Coffee Break sponsored by
10:45-11:30	OWASP ESAPI Jeff Williams	Clubbing WebApps with a Botnet Gunter Ollmann	Understanding the Implications of Cloud Computing on Application Security Dennis Hurst	Enterprise Application Security - GE's approach to solving root cause Darren Challey
11:30-12:30	Hosted Lunch
12:30-1:15	Software Assurance Maturity Model (SAMM) Pravir Chandra	The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security Jacob West	Transparent Proxy Abuse Robert Auger	Software Development The Next Security Frontier Jim Molini
1:15-1:20	Break
1:20-2:05	DISA's Application Security and Development STIG: How OWASP Can Help You Jason Li	OWASP ModSecurity Core Rule Set Project Ryan C. Barnett	Development Issues Within AJAX Applications: How to Divert Threats Lars Ewe	The essential role of infosec in secure software development Kenneth R. van Wyk
2:05-2:10	Break
2:10-2:55	Defend Yourself: Integrating Real Time Defenses into Online Applications Michael Coates	Finding the Hotspots: Web-security testing with the Watcher tool Chris Weber	Social Zombies: Your Friends Want to Eat Your Brains Tom Eston/Kevin Johnson	SDLC Panel Pravir Chandra Dan Cornell Michael Craigue Dennis Hurst Joey Peloquin David Rook Keith Turpin
2:55-3:00	Break		Break
3:00-3:45	The ESAPI Web Application Firewall Arshan Dabirsiaghi	One Click Ownage Ferruh Mavituna	Cloudy with a chance of 0-day Jon Rose/Tom Leavey
		Web Application Security Scanner Evaluation Criteria Brian Shura
3:45-3:50	Break
3:50-4:35	OWASP Live CD: An open environment for Web Application Security Matt Tesauro / Brad Causey	Learning by Breaking: A New Project Insecure Web Apps Chuck Willis	Attacking WCF Web Services Brian Holyfield	Vulnerability Management in an Application Security World Dan Cornell
		Synergy! A world where the tools communicate Josh Abraham
4:35-4:50	Break
4:40-5:30	The Entrepreneur's Guide to Career Management Lee Kushner	Advanced SSL: The good, the bad, and the ugly Michael Coates	When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies Rafal Los	Threat Modeling John Steven
		User input piercing for Cross Site Scripting Attacks Matias Blanco
5:45-8:00	Cocktails and hors d'oeuvres in the EXPO Room (151) Sponsored by

Talks 11/13

Day 2 - Nov 13th 2009
	Process (146A)	Attack & Defend (146B)	Metrics (146C)	Compliance (152A)
8:00-9:00	Registration & Coffee sponsored by
9:00-9:45	The Big Picture: Web Risks and Assessments Beyond Scanning Matt Fisher	Securing the Core JEE Patterns Rohit Sethi/Krishna Raja	The Web Hacking Incidents Database Ryan C. Barnett	Business Logic Automatons: Friend or Foe? Ofer Shezaf
9:45-9:50	Break
9:50-10:35	Scalable Application Assessments in the Enterprise Tom Parker/Lars Ewe	Unicode Transformations: Finding Elusive Vulnerabilities Chris Weber	Application security metrics from the organization on down to the vulnerabilities Chris Wysopal	SCAP: Automating our way out of the Vulnerability Wheel of Pain Ed Bellis
10:35-10:40	Break
10:40-11:25	Secure Software Updates: Update Like Conficker Jeremy Allen	Malicious Developers and Enterprise Java Rootkits Jeff Williams	OWASP Top 10 - 2010 Dave Wichers	Secure SDLC: The Good, The Bad, and The Ugly Joey Peloquin
11:25-12:30	Hosted Lunch
12:30-1:15	Improving application security after an incident Cory Scott	The 10 least-likely and most dangerous people on the Internet Robert Hansen	Hacking by Numbers Tom Brennan	Federal CISO Panel
1:15-1:20	Break
1:20-2:05	Custom Intrusion Detection Techniques for Monitoring Web Applications Matthew Olney	Automated vs. Manual Security: You can't filter The Stupid David Byrne/Charles Henderson	Building an in-house application security assessment team Keith Turpin
2:05-2:10	Break
2:10-2:55	TBD	TBD	The OWASP Security Spending Benchmarks Project Dr. Boaz Gelbord	Promoting Application Security within Federal Government Sarbari Gupta
2:55-3:00	Break
3:00-3:45	Deploying Secure Web Applications with OWASP Resources Kuai Hinojosa	Manipulating Web Application Interfaces, a new approach to input validation Felipe Moreno-Strauch	SANS Dshield Webhoneypot Project Jason Lam	Techniques in Attacking and Defending XML/Web Services Mamoon Yunus/Jason Macy
3:00-3:45		Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers Kevin Johnson, Justin Searle, Frank DiMaggio	SANS Dshield Webhoneypot Project Jason Lam
3:45-3:50	Break
3:50-4:00	Closing Remarks (146C) Mark Bristow, Rex Booth, Doug Wilson

Back to Conference Page

@@ Line 1: / Line 1: @@
+__NOTOC__
 __NOTOC__
@@ Line 162: / Line 164: @@
 |- valign="bottom"
 | width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
-| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Attack &amp; Defend (146C)'''
+| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Process (146A)'''
-| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Process (146B)'''
+| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Attack &amp; Defend (146B)'''
-| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (152A)'''
+| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (146C)'''
-| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (146A)'''
+| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (152A)'''
 |- valign="bottom"
 | width="67" valign="middle" bgcolor="#7b8abd" | 8:00-9:00
@@ Line 171: / Line 173: @@
 |- valign="bottom"
 | width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett
 | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Ofer Shezaf
@@ Line 180: / Line 182: @@
 |- valign="bottom"
 | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal
 | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis
@@ Line 189: / Line 191: @@
 |- valign="bottom"
 | width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]]<br>Dave Wichers
 | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin
@@ Line 198: / Line 200: @@
 |- valign="bottom"
 | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Improving application security after an incident]]<br>Cory Scott
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan
 | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]]
@@ Line 207: / Line 209: @@
 |- valign="bottom"
 | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
-| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney
+| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin
 |- valign="bottom"
@@ Line 224: / Line 226: @@
 |- valign="bottom"
 | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:00-3:45
-| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch
+| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Kuai Hinojosa
-| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Kuai Hinojosa
+| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam
 | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy
@@ Line 238: / Line 240: @@
 |}
 <headertabs />
+===[[OWASP AppSec DC 2009|Back to Conference Page]]===
+[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_09]]
 ===[[OWASP AppSec DC 2009|Back to Conference Page]]===

Difference between revisions of "Mrb Scratchpad"

Revision as of 05:34, 3 November 2009

Back to Conference Page

Training 11/10

Training 11/11

Talks 11/12

Talks 11/13

Back to Conference Page

Back to Conference Page

Back to Conference Page

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools