This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "MRB Scratchpad"
From OWASP
Mark.bristow (talk | contribs) |
Mark.bristow (talk | contribs) |
||
Line 108: | Line 108: | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | Slides | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 117: | Line 117: | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | Slides | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 126: | Line 126: | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3"| Federal CIO Panel <br><br> Video | Slides |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:35 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:35 | ||
− | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan=" | + | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break |
+ | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="1" | Break | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:35-3:25 | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:35-3:25 | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides | ||
− | |||
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 144: | Line 144: | ||
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Seth Law<br><br> Video | Slides] | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Seth Law<br><br> Video | Slides] | ||
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides | ||
− | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[ | + | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides |
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
Line 150: | Line 150: | ||
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan=" | + | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:40-5:30 |
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan=" | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | Pen-Test Panel <br><br> Video | Slides |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides |
− | | width="200" valign="middle" height=" | + | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides |
+ | |- valign="bottom" | ||
+ | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:30-5:40 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:30-5:40 | ||
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break | ||
|- valign="bottom" | |- valign="bottom" | ||
− | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan=" | + | | width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 5:40-6:30 |
− | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides |
− | | width="200" valign="middle" height=" | + | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video|Slides |
− | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides | + | | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides |
+ | |- valign="bottom" | ||
+ | | width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:30-8:30 | | width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:30-8:30 | ||
Line 207: | Line 211: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 12:05-12:15 | | width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 12:05-12:15 | ||
− | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan=" | + | | valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break |
− | |||
|- valign="bottom" | |- valign="bottom" | ||
| width="72" valign="middle" bgcolor="#7b8abd" | 12:15-1:05 | | width="72" valign="middle" bgcolor="#7b8abd" | 12:15-1:05 |
Latest revision as of 20:59, 12 October 2010
Registration | Hotel | Walter E. Washington Convention Center
Main Conference Page | Presentations Page | Training Page
Training 11/08
Traning Day 1 - Nov 8th 2010 | |||||||
149A | 149B | 145A | 155 | 154B | 159A | 159B | |
09:00-12:00 | Day 1: Assessing and Exploiting Web Applications with Samurai-WTFClass Justin Searle & Mike Poor |
Day 1: Leading the AppSec Initative Dave Wichers |
Day 1: Remote Testing for Common Web Application Security Threats David Rhoades |
Day 1: Software Security Best Practices Ben Tomhave |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
The Art of Exploiting SQL Injections Sumit Siddharth |
Practical Web Security Overview Zoltán Hornák |
12:00-13:00 | Lunch | ||||||
13:00-17:00 | Day 1: Assessing and Exploiting Web Applications with Samurai-WTFClass Justin Searle & Mike Poor |
Day 1: Leading the AppSec Initative Dave Wichers |
Day 1: Remote Testing for Common Web Application Security Threats David Rhoades |
Day 1: Software Security Best Practices Ben Tomhave |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
The Art of Exploiting SQL Injections Sumit Siddharth |
Practical Web Security Overview Zoltán Hornák |
Training 11/09
Traning Day 1 - Nov 8th 2010 | |||||||
149A | 149B | 145A | 155 | 154B | 159A | 159B | |
09:00-12:00 | Day 1: Assessing and Exploiting Web Applications with Samurai-WTFClass Justin Searle & Mike Poor |
Day 1: Leading the AppSec Initative Dave Wichers |
Day 1: Remote Testing for Common Web Application Security Threats David Rhoades |
Day 1: Software Security Best Practices Ben Tomhave |
Software Security Remediation: How to Fix Application Vulnerabilities Dan Cornell |
Threat Modeling Express Rohit Sethi & Krishna Raja |
Java Security Overview Zoltán Hornák |
12:00-13:00 | Lunch | ||||||
13:00-17:00 | Day 1: Assessing and Exploiting Web Applications with Samurai-WTFClass Justin Searle & Mike Poor |
Day 1: Leading the AppSec Initative Dave Wichers |
Day 1: Remote Testing for Common Web Application Security Threats David Rhoades |
Day 1: Software Security Best Practices Ben Tomhave |
Software Security Remediation: How to Fix Application Vulnerabilities Dan Cornell |
Threat Modeling Express Rohit Sethi & Krishna Raja |
Java Security Overview Zoltán Hornák |
Plenary Day 1 - 11/10
Plenary Day 1 - Nov 10th 2010 | ||||
Offense (TBD) | Defense (TBD) | Metrics (TBD) | Government (TBD) | |
07:30-08:50 | Registration | |||
08:50-09:00 | Welcome and Opening Remarks | |||
09:00-10:00 | Keynote: Neal Ziring National Secuirty Agency Video | Slides | |||
10:00-10:30 | All about OWASP OWASP Board Video | Slides | |||
10:30-10:45 | Coffee Break | |||
10:45-11:35 | Python Basics for Web App Pentesters Justin Searle Video | Slides |
Drive By Downloads: How To Avoid Getting A Cap Popped In Your App Neil Daswani Video | Slides |
Secure Code Review: Enterprise Metrics Richard Tychansky Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
11:35-11:45 | Break | |||
11:45-12:35 | White and Black box testing of Lotus Domino Applications Ari Elias-bachrach and Casey Pike Video | Slides |
Protecting Federal Government from Web 2.0 Application Security Risks Sarbari Gupta Video | Slides |
Measuring Security: 5 KPIs for Successful Web App Security Programs Rafal Los Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
12:35-1:35 | Lunch | |||
1:35-2:25 | Pen Testing with Iron Andrew Wilson Video | Slides |
Providing application-level assurance through DNSSEC Suresh Krishnaswamy, Wes Hardaker and Russ Mundy Video | Slides |
Federal CIO Panel Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
2:25-2:35 | Break | Break | ||
2:35-3:25 | Hacking Oracle From Web Apps Sumit Siddharth Video | Slides |
GuardRails: A (Nearly) Painless Solution to Insecure Web Applications Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides | |
3:25-3:40 | Coffee Break | |||
3:40-4:30 | wXf: Web Exploitation Framework Ken Johnson and Seth Law Video | Slides] |
The Strengths of Combining Code Review with Application Penetration Testing Dave Wichers Video | Slides |
Dealing with Web Application Security, Regulation Style Andrew Weidenhamer Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
4:30-4:40 | Break | |||
4:40-5:30 | Pen-Test Panel Video | Slides |
Botnet Resistant Coding: Protecting Your Users from Script Kiddies Fabian Rothschild and Peter Greko Video | Slides |
OWASP Broken Web Applications Project Update Chuck Willis Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation Joshua Windsor and Joshua Pauli Video | Slides | ||||
5:30-5:40 | Break | |||
5:40-6:30 | A new approach to preventing injection attacks on the Web Application Stack Ahmed Masud Video | Slides |
Using Misuse Cases to Articulate Vulnerabilities to Stakeholders Scott Mendenhall Video|Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides | |
The Web Hacking Incident Database (WHID) Report Ryan Barnett Video | Slides | ||||
6:30-8:30 | Cocktails and hors d'oeuvres in the EXPO Room (TBD) |
Plenary Day 2 - 11/11
Plenary Day 2 - Nov 11th 2010 | ||||
Offense (TBD) | New Frontiers (TBD) | OWASP (TBD) | Process (TBD) | |
07:30-08:55 | Registration | |||
08:55-09:00 | Day 2 Opening Remarks | |||
09:00-10:00 | Keynote: Ron Ross National Institute of Standards and Technology Video | Slides | |||
10:00-10:15 | Coffee Break | |||
10:15-11:05 | Hacking SAP BusinessObjects Joshua Abraham and Will Vandevanter Video | Slides |
Cloudy with a chance of hack! Lars Ewe Video | Slides |
Don’t Judge a Website by its GUI – Read the Label! Jeff Williams Video | Slides |
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers Dan Cornell Video | Slides |
11:05-11:15 | Break | |||
11:15-12:05 | Deconstructing ColdFusion Chris Eng and Brandon Creighton Video | Slides |
Declarative Web Security Mozilla Foundation Video | Slides |
The Secure Coding Practices Quick Reference Guide Keith Turpin Video | Slides |
Code Reviewing Strategies Andrew Wilson and John Hoopes Video | Slides |
12:05-12:15 | Break | |||
12:15-1:05 | Friendly Traitor 2 Features are hot but giving up our secrets is not! Kevin Johnson and Mike Poor Video | Slides |
Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files Aleksandr Yampolskiy Video | Slides |
Open Source Web Entry Firewall Ivan Buetler Video | Slides |
Microsoft's Security Development Lifecycle for Agile Development Nick Coblentz Video | Slides |
1:05-2:05 | Lunch | |||
2:05-2:55 | JavaSnoop: How to hack anything written in Java Arshan Dabirsiaghi Video | Slides |
Life in the Clouds: a Service Provider's View Michael Smith Video | Slides |
Solving Real World Problems with ESAPI Chris Schmidt Video | Slides |
Financial ServicesPanel Video|Slides |
2:55-3:05 | Break | |||
3:05-3:55 | Hacking .NET Applications at Runtime: A Dynamic Attack Jon McCoy Video | Slides |
Social Zombies Gone Wild: Totally Exposed and Uncensored Kevin Johnson and Tom Eston Video | Slides |
OWASP ESAPI SwingSet Fabio Cerullo Video | Slides | |
3:55-4:10 | Coffee Break | |||
4:10-5:00 | Unlocking the Toolkit: Attacking Google Web Toolkit Ron Gutierrez Video | Slides] |
Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications Dan Cornell Video | Slides |
Attack Detection and Prevention with OWASP AppSensor Colin Watson Video|Slides |
Implementing a Secure Software Development Program Darren Death Video | Slides |
5:00-5:10 | Break | |||
5:10-6:00 | Constricting the Web: Offensive Python for Web Hackers Marcin Wielgoszewski and Nathan Hamiel Video | Slides |
Threats from Economical Improvement Eduardo Neves Video | Slides |
OWASP ModSecurity Core Rule Set Ryan Barnett Video | Slides |
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform Benjamin Tomhave Video | Slides |
6:00-6:30 | Closing Remarks/Prizes The OWASP AppSec DC Team |