Difference between revisions of "AppSec US 2010, CA"
KateHartmann (talk | contribs) |
|||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
| − | [[Image:Appsec banner.png|AppSec USA 2010 Banner]] | + | [[Image:Appsec banner.png|661x83px|AppSec USA 2010 Banner]] |
| − | [http://www.studentcenter.uci.edu/meetings/bookables/rooms.php UC Irvine Conference Center] | [http://guest.cvent.com/i.aspx?4W%2cM3%2c3c8f8c26-a4b3-40d6-9daa-1f541ea0ccc2 CLICK HERE TO REGISTER] | + | [http://www.studentcenter.uci.edu/meetings/bookables/rooms.php UC Irvine Conference Center] | [http://guest.cvent.com/i.aspx?4W%2cM3%2c3c8f8c26-a4b3-40d6-9daa-1f541ea0ccc2 CLICK HERE TO REGISTER]<br> <!-- Header --> |
| − | + | ==== Welcome ==== | |
| − | |||
| − | ==== Welcome ==== | ||
{| style="width: 100%;" | {| style="width: 100%;" | ||
|- | |- | ||
| style="width: 100%; color: rgb(0, 0, 0);" | | | style="width: 100%; color: rgb(0, 0, 0);" | | ||
| − | {| style=" | + | {| style="background: none repeat scroll 0% 0% transparent; width: 100%; -moz-background-inline-policy: continuous;" |
|- | |- | ||
| style="width: 95%; color: rgb(0, 0, 0);" | | | style="width: 95%; color: rgb(0, 0, 0);" | | ||
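Review bot: The new style on the nested `{| style=...` line carries `background: none repeat scroll 0% 0% transparent` and the vendor-prefixed `-moz-background-inline-policy: continuous`, which reads like serialized rich-text editor output rather than intended styling. I'd reduce it to `width: 100%;` so the markup stays readable and does not depend on one browser's property names.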
| Line 23: | Line 21: | ||
OWASP member registration $325 Non-member registration $375 Student registration (ID required at conference) $250 | OWASP member registration $325 Non-member registration $375 Student registration (ID required at conference) $250 | ||
| − | Early-bird rates available till July 31. | + | Early-bird rates available till July 31. |
<br> '''Press Release January 23rd, 2010 -- [http://owasp.blogspot.com/2010/01/owasp-q1-2010-newsletter.html Event Announced!]''' | <br> '''Press Release January 23rd, 2010 -- [http://owasp.blogspot.com/2010/01/owasp-q1-2010-newsletter.html Event Announced!]''' | ||
| Line 60: | Line 58: | ||
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | |} <!-- End Banner --> | | style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | |} <!-- End Banner --> | ||
| − | ==== Training | + | ==== Training September 7th and 8th ==== |
| − | {| | + | {| border="0" align="center" style="width: 80%;" |
| − | + | |- | |
| − | + | ! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T1. Web Security Testing - 2-Days - $1350 | |
| − | + | |- | |
| + | | style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summary | ||
Instructor: Joe Basirico, Security Innovation | Instructor: Joe Basirico, Security Innovation | ||
| − | + | ||
| − | {| | + | |} |
| − | ! align="center" style="background: | + | |
| − | + | {| border="0" align="center" style="width: 80%;" | |
| − | + | |- | |
| − | Instructor: Dave Wichers: [http://www.aspectsecurity.com | + | ! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350 |
| − | + | |- | |
| − | + | | style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summary | |
| − | + | Instructor: Dave Wichers: [http://www.aspectsecurity.com [[Image:|Aspect_logo.gif]]] | |
| − | + | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| − | + | ! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350 | |
|- | |- | ||
| − | ! align="center" style="background: | + | | style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summary |
| − | + | Instructor: Justin Serle, InGuardians | |
| − | + | ||
| − | Instructor: | + | |- |
| + | ! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T4. Application Security Leadership Essentials - 2-Days - $1350 | ||
| + | |- | ||
| + | | style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summary | ||
| + | Instructor: Jeff Williams: [http://www.aspectsecurity.com [[Image:|Aspect_logo.gif]]] | ||
| + | |||
| + | |- | ||
| + | ! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675 | ||
| + | |- | ||
| + | | style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summary | ||
| + | Instructor: Dan Cornell: [http://www.denimgroup.com [[Image:|AppSecDC2009-Sponsor-denim.gif]]] | ||
|} | |} | ||
| + | {| border="0" align="center" style="width: 80%;" | ||
| + | |- | ||
| + | ! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T6. Live CD 1-Day - Sept 8th- $675 | ||
| + | |- | ||
| + | | style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summary | ||
| + | Instructor: Matt Tesauro: [http://www.trustwave.com [[Image:|TrustwaveLogo.jpg]]] | ||
| − | ==== Schedule September 9th ==== | + | |} |
| + | |||
| + | <br> | ||
| + | |||
| + | ==== Schedule September 9th ==== | ||
{| border="0" align="center" style="width: 80%;" | {| border="0" align="center" style="width: 80%;" | ||
|- | |- | ||
| − | | align="center | + | | align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" colspan="4" | '''Conference Day 1 - September 9th, 2010''' |
| − | + | <br> | |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br> | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br> | ||
| − | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Crystal Cove Auditorium | + | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Crystal Cove Auditorium |
| − | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Pacific Ballroom | + | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Pacific Ballroom |
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Doheny Beach | | style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Doheny Beach | ||
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 07:30-08:30 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 07:30-08:30 | ||
| − | | align="left | + | | align="left" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Registration and Breakfast + Coffee |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-08:45 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-08:45 | ||
| − | | align="center | + | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" colspan="3" | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium) |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:45-9:30 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:45-9:30 | ||
| − | | align="center | + | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" colspan="3" | #Keynote: Jeff Williams (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 9:30-10:15 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 9:30-10:15 |
| − | | align="center | + | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" colspan="3" | #Keynote: Chenxi Wang (Crystal Cove Auditorium) |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15-10:35 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15-10:35 | ||
| − | | align="left | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Break - Expo - CTF kick-off (Emerald Bay) |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:35-11:20 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:35-11:20 | ||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | How I met your Girlfriend, ''Sammy Kamkar''<br> | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | How I met your Girlfriend, ''Sammy Kamkar''<br> | ||
| − | |||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br> | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br> | ||
| − | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Microsoft Security Development Lifecycle for Agile Development, ''Nick Coblentz, AT&T'' | |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Microsoft Security Development Lifecycle for Agile Development, ''Nick Coblentz, AT&T'' | ||
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:20-11:30 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:20-11:30 |
| − | | align="left | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Break - Expo - CTF |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:15 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:15 | ||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | State of SL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br> | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | State of SL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br> |
| + | <br> | ||
| + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Into the Rabbit Hole: Execution Flow-based Web Application Testing, ''Rafal Los, Hewlett-Packard''<br> | ||
| + | <br> | ||
| − | |||
| − | |||
| − | |||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Threat Modeling Best Practices, Robert Zigweid, IOActive<br> | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Threat Modeling Best Practices, Robert Zigweid, IOActive<br> | ||
| − | |||
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:15-13:15 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:15-13:15 | ||
| − | | align="left | + | | align="left" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Lunch - Expo - CTF |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:15 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:15 | ||
| − | | align="center | + | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" colspan="3" | Bill Cheswick (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:15-14:25 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:15-14:25 |
| − | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Break - Expo - CTF | |
|- | |- | ||
| − | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:25-15:10 | |
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:25-15:10 | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | P0w3d for Botnet CnC, ''Gunter Ollmann, Damballa''<br> |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | P0w3d for Botnet CnC, ''Gunter Ollmann, Damballa''<br> | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Cloud Computing, A Weapon of Mass Destruction?, ''David Bryan''<br> |
| − | |||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Cloud Computing, A Weapon of Mass Destruction?, ''David Bryan''<br> | ||
| − | |||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Secure Coding Practices Quick Reference Guide, ''Keith Turpin, Boeing'' | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Secure Coding Practices Quick Reference Guide, ''Keith Turpin, Boeing'' | ||
|- | |- | ||
| − | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:30 | |
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:30 | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Coffee Break - Expo - CTF |
| − | |||
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:30-16:15 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:30-16:15 | ||
| − | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, ''Dan Cornell, Denim Group''<br> | |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Smart Phones with Dumb Apps: | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Assessing, Testing and Validating Flash Content, ''Peleus Uhley, Adobe''<br> |
| − | |||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Assessing, Testing and Validating Flash Content, ''Peleus Uhley, Adobe''<br> | ||
| − | |||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP State of the Union, ''Tom Brennan, OWASP'' | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP State of the Union, ''Tom Brennan, OWASP'' | ||
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:15-16:25 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:15-16:25 |
| − | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Break - Expo - CTF | |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:25-17:10 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:25-17:10 |
| − | | align="center | + | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" colspan="3" | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz |
| − | |||
|} | |} | ||
| − | ==== Schedule September 10th ==== | + | ==== Schedule September 10th ==== |
{| border="0" align="center" style="width: 80%;" | {| border="0" align="center" style="width: 80%;" | ||
|- | |- | ||
| − | | align="center | + | | align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" colspan="4" | '''Conference Day 2 - September 10th, 2010''' |
| − | + | <br> | |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br> | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br> | ||
| − | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Crystal Cove Auditorium | + | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Crystal Cove Auditorium |
| − | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Pacific Ballroom | + | | style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Pacific Ballroom |
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Doheny Beach | | style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Doheny Beach | ||
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:00-09:00 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:00-09:00 | ||
| − | | align="left | + | | align="left" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Coffee - Expo - CTF |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:15 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:15 | ||
| − | | align="center | + | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" colspan="3" | Announcements (Crystal Cove Auditorium) |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:15-10:00 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:15-10:00 | ||
| − | | align="center | + | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" colspan="3" | #Keynote: David Rice (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:10 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:10 |
| − | | align="left | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Break - Expo - CTF (Emerald Bay) |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:55 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:55 |
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Security Architecting Applications for the Cloud, ''Alex Stamos, iSEC Partners''<br> | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Security Architecting Applications for the Cloud, ''Alex Stamos, iSEC Partners''<br> | ||
| − | |||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Unraveling Cross-Technology, Cross-Domain Trust Relations, ''Peleus Uhley, Adobe''<br> | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Unraveling Cross-Technology, Cross-Domain Trust Relations, ''Peleus Uhley, Adobe''<br> | ||
| − | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Real Time Application Defenses - The Reality of AppSensor & ESAPI, ''Michael Coates, Mozilla,'' | |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Real Time Application Defenses - The Reality of AppSensor & ESAPI, ''Michael Coates, Mozilla,'' | ||
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:55-11:15 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:55-11:15 |
| − | | align="left | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Break - Expo - CTF |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:15-12:00 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:15-12:00 | ||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Reducing Web application Vulnerabilities: | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, ''Ed Adams, Security Innovation''<br> |
| + | <br> | ||
| + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Session Management Security tips and Tricks, ''Lars Ewe, Cenzic''<br> | ||
| + | <br> | ||
| − | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, ''Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs''<br> | |
| − | |||
| − | |||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Dark Side of Twitter: | ||
| − | |||
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:15 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:15 | ||
| − | | align="left | + | | align="left" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Lunch - Expo - CTF |
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:14-14:00 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:14-14:00 | ||
| − | | align="center | + | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" colspan="3" | HD Moore (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:04-14:50 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:04-14:50 |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panal Discussion: | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panal Discussion: Vulnerability Lifecycle for Software Vendors, ''Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver''<br> |
| − | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Agile + Security = FAIL, ''Adrian Lane''<br> | |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Agile + Security = FAIL, ''Adrian Lane''<br> | ||
| − | |||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, ''Aditya K. Sood, Armorize Technologies'' | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, ''Aditya K. Sood, Armorize Technologies'' | ||
|- | |- | ||
| − | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:50-15:10 | |
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:50-15:10 | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Coffee Break - Expo - CTF |
| − | |||
|- | |- | ||
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:55 | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:55 | ||
| − | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Exploiting Networks through Database Weaknesses, ''Scott Sutherland, NetSPI''<br> | |
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Exploiting Networks through Database Weaknesses, ''Scott Sutherland, NetSPI''<br> | + | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Defining the Identiy Management Framework, ''Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy''<br> |
| − | |||
| − | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Defining the Identiy Management Framework, ''Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy''<br> | ||
| − | |||
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | ''TBD'' | | align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | ''TBD'' | ||
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:55-16:05 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:55-16:05 |
| − | + | | align="left" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" colspan="3" | Break - Expo - CTF | |
|- | |- | ||
| − | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:05-16:50 | + | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:05-16:50 |
| − | | align="center | + | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" colspan="3" | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes |
| − | |||
|} | |} | ||
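Review bot: The instructor rows added for T2, T4, T5 and T6 write the logo as `[[Image:|Aspect_logo.gif]]` (same pattern for the Denim Group and Trustwave logos), with an empty file name before the pipe and the file name in the caption slot, which leaves the image without a target. Put the file name first, for example `[[Image:Aspect_logo.gif]]`, inside the external link. In the Day 2 rows touched here, "Panal Discussion" and "Identiy Management" are misspelled, and the 13:14-14:00 and 14:04-14:50 slots do not follow on from the 12:00-13:15 lunch the way the Day 1 afternoon slots follow each other, so those times are worth confirming while the rows are being edited.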
| Line 289: | Line 276: | ||
| 2-Day Training Course | | 2-Day Training Course | ||
|- | |- | ||
| − | | $675 | + | | $675 |
| 1-Day Training Course | | 1-Day Training Course | ||
|} | |} | ||
| Line 325: | Line 312: | ||
<br> | <br> | ||
| + | <br> | ||
==== Venue ==== | ==== Venue ==== | ||
| Line 348: | Line 336: | ||
== Sponsors == | == Sponsors == | ||
| − | We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our [http://www.appsecusa.org/become-a-sponsor.html List of Sponsorship Opportunities] (or [http://www.owasp.org/images/b/b3/OWASP_sponsorship_Irvine.pdf PDF]). | + | We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our [http://www.appsecusa.org/become-a-sponsor.html List of Sponsorship Opportunities] (or [http://www.owasp.org/images/b/b3/OWASP_sponsorship_Irvine.pdf PDF]). |
Please contact [mailto:[email protected] Kate Hartmann] for more information. | Please contact [mailto:[email protected] Kate Hartmann] for more information. | ||
| − | Slots are going fast so contact us to sponsor today! | + | Slots are going fast so contact us to sponsor today! |
| − | | + | |
| − | {| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0% | + | {| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0% transparent; -moz-background-inline-policy: continuous; color: white;" |
|- | |- | ||
| | | | ||
| − | == Platinum Sponsors == | + | == Platinum Sponsors == |
| | | | ||
| Line 369: | Line 357: | ||
|- | |- | ||
| | | | ||
| − | == Gold Sponsors == | + | == Gold Sponsors == |
| [[Image:Ibmneg blurgb.jpg]] | | [[Image:Ibmneg blurgb.jpg]] | ||
| Line 378: | Line 366: | ||
|- | |- | ||
| | | | ||
| − | == Silver Sponsors == | + | == Silver Sponsors == |
| [[Image:AppSecDC2009-Sponsor-fishnet.gif]] | | [[Image:AppSecDC2009-Sponsor-fishnet.gif]] | ||
| Line 405: | Line 393: | ||
|- | |- | ||
| | | | ||
| − | === Organizational Sponsors === | + | === Organizational Sponsors === |
| [[Image:Isc2 logo.gif|120px]] | | [[Image:Isc2 logo.gif|120px]] | ||
| Line 413: | Line 401: | ||
|- | |- | ||
| | | | ||
| − | === Reception Sponsors === | + | === Reception Sponsors === |
| | | | ||
|- | |- | ||
| | | | ||
| − | === Coffee Sponsors === | + | === Coffee Sponsors === |
| | | | ||
Revision as of 20:05, 16 July 2010
UC Irvine Conference Center | CLICK HERE TO REGISTER
Welcome
Training September 7th and 8th
| Course | Instructor |
|---|---|
| T1. Web Security Testing - 2-Days - $1350 | Joe Basirico, Security Innovation |
| T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350 | Dave Wichers |
| T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350 | Justin Serle, InGuardians |
| T4. Application Security Leadership Essentials - 2-Days - $1350 | Jeff Williams |
| T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th - $675 | Dan Cornell |
| T6. Live CD 1-Day - Sept 8th - $675 | Matt Tesauro |
Schedule September 9th
Conference Day 1 - September 9th, 2010

| Time | Track 1 - Crystal Cove Auditorium | Track 2 - Pacific Ballroom | Track 3 - Doheny Beach |
|---|---|---|---|
| 07:30-08:30 | Registration and Breakfast + Coffee | | |
| 08:30-08:45 | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium) | | |
| 08:45-9:30 | #Keynote: Jeff Williams (Crystal Cove Auditorium) | | |
| 9:30-10:15 | #Keynote: Chenxi Wang (Crystal Cove Auditorium) | | |
| 10:15-10:35 | Break - Expo - CTF kick-off (Emerald Bay) | | |
| 10:35-11:20 | How I met your Girlfriend, Sammy Kamkar | Solving Real-World Problems with an Enterprise Security API (ESAPI), Chris Schmidt, ServiceMagic | Microsoft Security Development Lifecycle for Agile Development, Nick Coblentz, AT&T |
| 11:20-11:30 | Break - Expo - CTF | | |
| 11:30-12:15 | State of SL on the Internet - 2010 Survey, Results and Conclusions, Ivan Ristic, Qualys | Into the Rabbit Hole: Execution Flow-based Web Application Testing, Rafal Los, Hewlett-Packard | Threat Modeling Best Practices, Robert Zigweid, IOActive |
| 12:15-13:15 | Lunch - Expo - CTF | | |
| 13:30-14:15 | Bill Cheswick (Crystal Cove Auditorium) | | |
| 14:15-14:25 | Break - Expo - CTF | | |
| 14:25-15:10 | P0w3d for Botnet CnC, Gunter Ollmann, Damballa | Cloud Computing, A Weapon of Mass Destruction?, David Bryan | The Secure Coding Practices Quick Reference Guide, Keith Turpin, Boeing |
| 15:10-15:30 | Coffee Break - Expo - CTF | | |
| 15:30-16:15 | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, Dan Cornell, Denim Group | Assessing, Testing and Validating Flash Content, Peleus Uhley, Adobe | OWASP State of the Union, Tom Brennan, OWASP |
| 16:15-16:25 | Break - Expo - CTF | | |
| 16:25-17:10 | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz | | |
Schedule September 10th
| Conference Day 2 - September 10th, 2010
| |||
| |
Track 1 - Crystal Cove Auditorium | Track 2 - Pacific Ballroom | Track 3 - Doheny Beach |
| 08:00-09:00 | Coffee - Expo - CTF | ||
| 09:00-09:15 | Announcements (Crystal Cove Auditorium) | ||
| 09:15-10:00 | #Keynote: David Rice (Crystal Cove Auditorium) | ||
| 10:00-10:10 | Break - Expo - CTF (Emerald Bay) | ||
| 10:10-10:55 | Security Architecting Applications for the Cloud, Alex Stamos, iSEC Partners |
Unraveling Cross-Technology, Cross-Domain Trust Relations, Peleus Uhley, Adobe |
Real Time Application Defenses - The Reality of AppSensor & ESAPI, Michael Coates, Mozilla, |
| 10:55-11:15 | Break - Expo - CTF | ||
| 11:15-12:00 | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, Ed Adams, Security Innovation |
Session Management Security tips and Tricks, Lars Ewe, Cenzic |
The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs |
| 12:00-13:15 | Lunch - Expo - CTF | ||
| 13:14-14:00 | HD Moore (Crystal Cove Auditorium) | ||
| 14:04-14:50 | Panel Discussion: Vulnerability Lifecycle for Software Vendors, Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver |
Agile + Security = FAIL, Adrian Lane |
Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, Aditya K. Sood, Armorize Technologies |
| 14:50-15:10 | Coffee Break - Expo - CTF | ||
| 15:10-15:55 | Exploiting Networks through Database Weaknesses, Scott Sutherland, NetSPI |
Defining the Identity Management Framework, Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy |
TBD |
| 15:55-16:05 | Break - Expo - CTF | ||
| 16:05-16:50 | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes | ||
Registration
Registration Now Open!
OWASP Membership ($50 annual membership fee) gets you a discount of $50.
| $375 Until 7/31/2010 | Non-Members | After 7/31/2010 - $445 |
| $325 Until 7/31/2010 | OWASP Members | After 7/31/2010 - $395 |
| $250 | Students with valid Student ID | |
| $375 Until 7/31/2010 | New Registration Option! Become an OWASP Member and attend the event! | |
| $1350 | 2-Day Training Course | |
| $675 | 1-Day Training Course |
Who Should Attend AppSec USA 2010:
- Application Developers
- Application Testers and Quality Assurance
- Application Project Management and Staff
- Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
- Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
- Security Managers and Staff
- Executives, Managers, and Staff Responsible for IT Security Governance
- IT Professionals Interested in Improving IT Security
For the student discount, attendees must present proof of enrollment when picking up their badge.
Volunteer
Volunteers Needed!
Get involved!
We will take all the help we can get to pull off the best Web Application Security Conference of the year! Volunteers get free admission and invitation to the VIP event. This is your chance to rub elbows with the big players and mingle with potential networking contacts or even future employers!
Please contact neil(at)owasp.org to volunteer for a specific area:
- Security
- Speakers and Trainers
- Vendors
- Facilities
More opportunities and areas will be added as time goes on. Our File:Volunteer Sheet.doc, which outlines some of the responsibilities and available positions, can be downloaded. Note: this document references the DC conference last year and is just a general guideline. Updated document coming soon.
Venue
UC Irvine Conference Center
AppSec USA 2010 will be taking place at the UC Irvine Conference Center in Irvine, CA.
Hotel
We have reached a deal with Hyatt Regency of Irvine. The standard room rate will be $109. The hotel will be offering a shuttle service to and from both the UC Irvine campus as well as the John Wayne Airport!
Space is limited, so be sure to book sooner rather than later. Please use this link to reserve a room: https://resweb.passkey.com/go/owasp2010
UC Irvine also has special arrangements with local hotels here
Sponsors
We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our List of Sponsorship Opportunities (or PDF).
Please contact Kate Hartmann for more information.
Slots are going fast so contact us to sponsor today!
Platinum Sponsors |
Qualys |
Gold Sponsors |
Silver Sponsors |
Organizational Sponsors |
Reception Sponsors |
Coffee Sponsors |



