This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AppSec US 2010, CA"
KateHartmann (talk | contribs) |
KateHartmann (talk | contribs) |
||
| Line 97: | Line 97: | ||
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-08:45 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-08:45 | ||
| − | | align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Welcome to OWASP AppSec US, 2010 | + | | align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium) |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:45-9:30 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:45-9:30 | ||
| − | | align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | #Keynote: Jeff Williams | + | | align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | #Keynote: Jeff Williams (Crystal Cove Auditorium) |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 9:30-10:15 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 9:30-10:15 | ||
| − | | align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | #Keynote: Chenxi Wang | + | | align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | #Keynote: Chenxi Wang (Crystal Cove Auditorium) |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15-10:35 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15-10:35 | ||
| − | | align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF kick-off | + | | align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF kick-off (Emerald Bay) |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10: | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:35-11:20 |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | How I met your Girlfriend, ''Sammy Kamkar''<br> |
| − | '' | ||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br> |
| − | '' | ||
| − | |||
| − | |||
| − | |||
| + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Microsoft Security Development Lifecycle for Agile Development, ''Nick Coblentz, AT&T'' | ||
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:20-11:30 |
| − | | align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF | + | | align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11: | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:15 |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | State of SL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br> |
| − | |||
| − | |||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Into the Rabbit Hole: Execution Flow-based Web Application Testing, ''Rafal Los, Hewlett-Packard''<br> |
| − | '' | ||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb( | + | |
| − | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Threat Modeling Best Practices, Robert Zigweid, IOActive<br> | |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12: | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:15-1:15 |
| − | | align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch - Expo - CTF | + | | align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch - Expo - CTF |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:45-14:20 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:45-14:20 | ||
Revision as of 17:33, 16 July 2010
UC Irvine Conference Center | CLICK HERE TO REGISTER
Welcome
|
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | |}
Agenda/Schedule
| Conference Day 1 - September 9th, 2010
| |||
| |
Track 1 - Crystal Cove Auditorium | Track 2 - Pacific Ballroom | Track 3 - Doheny Beach |
| 07:30-08:30 | Registration and Breakfast + Coffee | ||
| 08:30-08:45 | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium) | ||
| 08:45-9:30 | #Keynote: Jeff Williams (Crystal Cove Auditorium) | ||
| 9:30-10:15 | #Keynote: Chenxi Wang (Crystal Cove Auditorium) | ||
| 10:15-10:35 | Break - Expo - CTF kick-off (Emerald Bay) | ||
| 10:35-11:20 | How I met your Girlfriend, Sammy Kamkar |
Solving Real-World Problems with an Enterprise Security API (ESAPI), Chris Schmidt, ServiceMagic |
Microsoft Security Development Lifecycle for Agile Development, Nick Coblentz, AT&T |
| 11:20-11:30 | Break - Expo - CTF | ||
| 11:30-12:15 | State of SL on the Internet - 2010 Survey, Results and Conclusions, Ivan Ristic, Qualys
|
Into the Rabbit Hole: Execution Flow-based Web Application Testing, Rafal Los, Hewlett-Packard
|
Threat Modeling Best Practices, Robert Zigweid, IOActive |
| 12:15-1:15 | Lunch - Expo - CTF | ||
| 13:45-14:20 |  #(New) Object Capabilities and Isolation of Untrusted Web Applications (pdf)
Sergio Maffeis, Imperial College, London |
 #Beyond the Same-Origin Policy (pdf)
Jasvir Nagra and Mike Samuel, Google |
 #SmashFileFuzzer - a New File Fuzzer Tool (pdf)
Komal Randive, Symantec |
| 14:30-15:05 | #Security Toolbox for .NET Development and Testing (pdf)
Johan Lindfors and Dag König, Microsoft |
#Cross-Site Location Jacking (XSLJ) (not really) (pdf)
David Lindsay, Cigital |
#Owning Oracle: Sessions and Credentials (pdf)
Wendel G. Henrique and Steve Ocepek, Trustwave |
| 15:05-15:30 | Break - Expo - CTF, Coffee break sponsoring position open ($2,000) | ||
| 15:30-16:05 | #Value Objects a la Domain-Driven Security: A Design Mindset to Avoid SQL Injection and Cross-Site Scripting (pdf)
Dan Bergh Johnsson, Omegapoint |
#Automated vs. Manual Security: You Can't Filter "The Stupid" (pdf not available yet) David Byrne and Charles Henderson, Trustwave |
#Session Fixation - the Forgotten Vulnerability? (pdf)
Michael Schrank and Bastian Braun, University of Passau |
| 16:15-17:00 | Panel Discussion: "Is Application Security a Losing Battle?" ([[Media:|pdf]]) | ||
| 19:00-23:00 | 
|
Gala Dinner at Stockholm City Hall Sponsored by 
|
|
Registration
Registration Now Open!
OWASP Membership ($50 annual membership fee) gets you a discount of $50.
| $375 Until 7/31/2010 | Non-Members | After 7/31/2010 - $445 |
| $325 Until 7/31/2010 | OWASP Members | After 7/31/2010 - $395 |
| $250 | Students with valid Student ID | |
| $375 Until 7/31/2010 | New Registration Option! Become an OWASP Member and attend the event! | |
| $1350 | 2-Day Training Course | |
| $675 | 1-Day Training Course |
Who Should Attend AppSec USA 2010:
- Application Developers
- Application Testers and Quality Assurance
- Application Project Management and Staff
- Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
- Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
- Security Managers and Staff
- Executives, Managers, and Staff Responsible for IT Security Governance
- IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.
Volunteer
Volunteers Needed!
Get involved!
We will take all the help we can get to pull off the best Web Application Security Conference of the year! Volunteers get free admission and invitation to the VIP event. This is your chance to rub elbows with the big players and mingle with potential networking contacts or even future employers!
Please contact neil(at)owasp.org to volunteer for a specific area:
- Security
- Speakers and Trainers
- Vendors
- Facilities
More opportunities and areas will be added as time goes on. Our File:Volunteer Sheet.doc can be downloaded which outlines some of the responsibilities and available positions. Note: this document references the the DC conference last year, this is just for a general guideline. Updated document coming soon.
Training
| T1. Web Security Testing - 2-Days - $1350 | ||||
|---|---|---|---|---|
| Summary
Instructor: Joe Basirico, Security Innovation |
| T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350 | ||||
|---|---|---|---|---|
| Summary
Instructor: Dave Wichers: | ||||
| T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350 | ||||
| Summary
Instructor: Justin Serle, InGuardians | ||||
| T4. Application Security Leadership Essentials - 2-Days - $1350 | ||||
| Summary
Instructor: Jeff Williams: | ||||
| T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675 | ||||
| Summary
Instructor: Dan Cornell: |
| T6. Live CD 1-Day - Sept 8th- $675 |
|---|
| Summary
Instructor: Matt Tesauro: |
Venue
UC Irvine Conference Center Center
AppSec USA 20010 will be taking place at the UC Irvine Conference Center in Irvine, CA.
Hotel
We have reached a deal with Hyatt Regency of Irvine. The standard room rate will be $109. The hotel will be offering a shuttle service to and from both the UC Irvine campus as well as the John Wayne Airport!
Space is limited so be sure to book sooner than later. Please use this link to reserve a room https://resweb.passkey.com/go/owasp2010
UC Irvine also has special arrangements with local hotels here
Sponsors
Sponsors
We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our List of Sponsorship Opportunities (or PDF).
Please contact Kate Hartmann for more information.
Slots are going fast so contact us to sponsor today!
Platinum Sponsors |
[File:Qualys-468-60.png] | |||
Gold Sponsors |
|
|
||
Silver Sponsors |
|
|
|
|
Organizational Sponsors |
|
|||
Reception Sponsors |
||||
Coffee Sponsors |
Travel
Traveling to the OC Metro Area
