This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Education Presentation"
From OWASP
(→Chapter Presentations) |
(→Chapter Presentations) |
||
Line 164: | Line 164: | ||
|-valign="top" | |-valign="top" | ||
|[[:Image:Security at the VMM Layer - OWASP.ppt|Security at the VMM Layer by Ted Winograd]] || Security at the VMM Layer || Expert ||June 2007 || [[Virginia (Northern Virginia)]] | |[[:Image:Security at the VMM Layer - OWASP.ppt|Security at the VMM Layer by Ted Winograd]] || Security at the VMM Layer || Expert ||June 2007 || [[Virginia (Northern Virginia)]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:KC June 2007 Evaluating and Tuning WAFs.pdf|Evaluating and Tuning Web Application Firewalls (Barry Archer)]] ||Presentation given at Kansas City June 2007 chapter meeting|| Intermediate ||June 2007 || [[Kansas City]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP_SDL-IT.pdf|Microsoft Security Development Lifecycle for IT (Rob Labbé)]] ||Presentation by Rob Labbe at Ottawa OWASP Chapter|| Novice ||May 2007|| [[Ottawa]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP_IL_7_Application_DOS.pdf|Application Denial of Service (Shaayy Cheen)]] ||Is it Really That Easy? Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP_IL_7_FuzzGuru.pdf|Fuzzing in Microsoft and FuzzGuru framework (John Neystadt)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP_IL_7_AppSec_and_Beyond.pdf|Application Security, not just development (David Lewis)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP IL 7 Overtaking Google Desktop.pdf|Overtaking Google Desktop, Leveraging XSS to Raise Havoc (Yair Amit)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP IL 7 UnregisterAttackInSip.pdf|Unregister Attack in SIP (Anat Bremler-Barr, Ronit Halachmi-Bekel and Jussi Kangasharju)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP IL 7 WAF Positive Security.pdf|Positive Security Model for Web Applications, Challenges and Promise (Ofer Shezaf)]] ||Presentation given at the Israel Mini Conference in May 2007|| Intermediate ||May 2007 || [[Israel]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP IL 7 DOT NET Reverse Engineering.pdf|.NET Reverse Engineering (Erez Mettulla)]] ||Presentation given at the Israel Mini Conference in May 2007|| Expert ||May 2007 || [[Israel]] | ||
+ | |-valign="top" | ||
+ | |[[:Image:OWASP IL 7 OWASP Introduction.pdf|OWASP introduction (Ofer Shezaf)]] ||2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya|| Intermediate ||May 2007 || [[Israel]] | ||
|-valign="top" | |-valign="top" | ||
|[[:Image:OWASP BeLux 2007-06-22 Update on Internet Attack Statistics for Belgium in 2006.ppt|Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H)]] || Update on Internet Attack Statistics for Belgium in 2006 || Novice ||May 2007 || [[Belgium]] | |[[:Image:OWASP BeLux 2007-06-22 Update on Internet Attack Statistics for Belgium in 2006.ppt|Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H)]] || Update on Internet Attack Statistics for Belgium in 2006 || Novice ||May 2007 || [[Belgium]] |
Revision as of 09:29, 29 July 2007
This page provide a commented overview of the OWASP presentations available.
Please use the last line of the tables as template.
Presentions can be tracked through:
- the OWASP Presentations Category
- Past OWASP Conference agenda's
- From the chapter pages
Everybody is encouraged to link the presentations and add their findings on this page ! There are currently hundreds of presentations all over the OWASP web site. If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76. Feel free to “mine” them and add them to the overview.
OWASP Project Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
OWASP NY Keynote by Jeff also available in French | OWASP Overview presentation with slide "OWASP by the numbers" and slide with the sorry state of Tools (at best 45%) which caused some controverse | Novice | 2007-06-12 |
The OWASP Testing Guide (Jeff Williams) | Overview of the OWASP Testing Guide | Novice | 2007-01-23 |
The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli) | Presentation at EUSecWest07 | Intermediate | 2007-03-01 |
OWASP Project Overview | High level overview of projects and how OWASP works | Novice | 2006-09-19 |
The OWASP Application Security Metrics Project (Bob Austin) | Presentation on the Application Security Metrics project | Novice | 2006-10-17 |
OWASP CLASP Project (Pravir Chandra) | OWASP CLASP project presentation given at the 2006 European AppSec conference | Novice | 2006-05-30 |
Sprajax (Dan Cornell) | OWASP Sprajax presentation given at the 2006 Seattle AppSec conference | Intermediate | 2006-10-17 |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
OWASP Conference Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
Mod Security Core Rule Set (Ofer Shezaf) | Ofer Shezaf's presentation on the Core Ruleset for the latest version of ModSecurity presented at 6th OWASP AppSec conference in Milan, Italy, in May 2007. | Intermediate | 2007-05-16 |
OWASP Testing Guide v2.1 (Matteo Meucci) | Matteo Meucci's presentation on the OWASP Testing Guide v2 at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
CLASP (Pravir Chandra) | Pravir Chandra's presentation on the upcoming 2007 update to CLASP presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Advanced Web Hacking (PDP) | PDPs presentation at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
XML Security Gateway Evaluation Criteria (Gunnar Peterson) | Gunnar Peterson's presentation about the new XML Security Gateway Evaluation Criteria project at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Testing Flash Applications (Stephano Di Paolo) | Stephano Di Paolo's presentation on how to test Flash applications presented at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
Overtaking Google Desktop (Yair Amit) | Yair Amit's presentation on XSS Flaws in Google Desktop that can be exploited through google.com presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
ACE Team Application Security from the Core (Simon Roses Femerling) | Simon Roses Femerling's presentation on the Microsoft ACE team's application security process at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Pantera (Simon Roses Femerling) | Simon Roses Femerling's presentation on the new OWASP tool Pantera at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Protecting Web applications from universal PDF XSS (Ivan Ristic) | Ivan Ristic's Universal XSS PDF presentation at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Software Security (Rudolph Araujo) | Rudolph Araujo's presentation on Application Security best practices at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Intermediate | 2007-05-16 |
WebGoat v5 (Dave Wichers) | WebGoat v5 presentation by Dave Wichers at the 6th OWASP AppSec Conference in Milan, Italy, May 2007. | Intermediate | 2007-05-16 |
WebScarab NG (Dave Wichers) | Description of the new WebScarab-NG efforts presented by Dave Wichers at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
SANS SPSA Initiative (Dave Wichers) | Description of the SANS Secure Coding Exam Initiative presented by Dave Wichers at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Novice | 2007-05-16 |
OWASP Italy Activities (Raoul Chiesa) | Raoul Chiesa's keynote for day 2 of the 6th OWASP AppSec conference on the state of application security in Italy including OWASP's activities in that country. | Novice | 2007-05-16 |
Security engineering in Vista (Alex Lucas) | Alex Lucas' from Microsoft's keynote presentation for Day 1 of the 6th OWASP AppSec conference in Milan on the benefits of Microsoft's SDL to the security of Vista. | Intermediate | 2007-05-16 |
How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard) | Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 | Intermediate | 2006-10-18 |
Bootstrapping the Application Assurance Process (Sebastien Deleersnyder) | Presentation given during the European 2006 AppSec conference on the application assurance process | Novice | 2006-05-30 |
Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France) | Presentation given at the European 2006 AppSec conference about security and soap message structure issues | Intermediate | 2006-05-31 |
Web Application Firewalls:When Are They Useful? (Ivan Ristic) | Presentation about Web Application Firewalls | Novice | 2006-05-31 |
HTTP Message Splitting, Smuggling and Other Animals (Amit Klein) | A presentation about Message splitting other attacks around the HTTP protocol | Intermediate | 2006-05-31 |
Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis) | Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference | Intermediate | 2006-10-18 |
Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) | A talk about how automated testing tools stack up against the OWASP top 10 | Intermediate | 2006-05-30 |
RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter) | Presentation given about how Sessions can be hi-jacked, etc... | Novice | 2006-05-31 |
Security Testing through Automated Software Tests (Stephen de Vries) | Presentation given at the 2006 EuSec conference | Intermediate | 2006-05-31 |
In the Line of Fire: Defending Highly Visible Targets (Jeremy Poteet) | Conference given at the 2005 DC AppSec conference | Novice | 2005-10-1 |
Google Hacking and Web Application Worms (Matt Fisher) | Talk given at the 2005 DC AppSec conference | Novice | 2005-10-01 |
Establishing an Enterprise Application Security Program (Tony Canike) | Talk given at the 2005 DC AppSec Conference | Novice | 2005-10-01 |
Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) (Dave Wichers) | Dave's talk on AJAX given at the Seattle 2006 AppSec conference | Intermediate | 2006-10-01 |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
Web Application Security Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
Universal PDF XSS by Ivan Ristic | Protecting Web Applications from Universal PDF XSS | Intermediate | 2007-06-28 |
[Advanced SQL Injection (Victor Chapela) | Detailed methodology for analyzing applications for SQL injection vulnerabilities | Expert | 2005-11-04 |
[Advanced Topics on SQL Injection Protection (Sam NG) | 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. | Intermediate | 2006-02-27 |
[Attacking Web Services (Alex Stamos) | Web Services Introduction and Attacks | Intermediate | 2005-10-11 |
MMS Spoofing (Matteo Meucci) | A Case-study of a vulnerable web application | Intermediate | |
Ajax Security (Andrew van der Stock) | Presentation on Ajax security for OWASP AppSec Europe 2006 | Intermediate | 2006-05-30 |
Advanced Web Services Security & Hacking (Justin Derry) | Presentation given on Webservice security at the Seattle 2006 AppSec conference | Intermediate | 2006-10-18 |
Integration into the SDLC (Eoin Keary) | A presentation about why and how to integrate the SDLC. | Novice | 2005-04-09 |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
Chapter Presentations
Title | Comment | Level | Month (Mon-yyyy) | Chapter |
---|---|---|---|---|
Dependability for Java Mobile Code (Pierre Parrend) | OWASP Swiss chapter presentation on Mobile Java Security | Expert | July 2007 | Switzerland |
Trust, Security and Usability (Roger Carhuatocto) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Tratamiento seguro de datos en aplicaciones in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Ataques DoS en aplicaciones Web (Jaime Blasco Bermejo) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Seguridad en entornos financierosPedro (Pedro Sánchez) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Brian Chess from Fortify shared what's going on with the Java Open Source review project at the June NoVA OWASP meeting | Java Open Review | Intermediate | June 2007 | Virginia (Northern Virginia) |
Brian Chess from Fortify, presentation to NoVA OWASP chapter in June 2007. | Bytecode injection | Expert | June 2007 | Virginia (Northern Virginia) |
Security at the VMM Layer by Ted Winograd | Security at the VMM Layer | Expert | June 2007 | Virginia (Northern Virginia) |
Evaluating and Tuning Web Application Firewalls (Barry Archer) | Presentation given at Kansas City June 2007 chapter meeting | Intermediate | June 2007 | Kansas City |
Microsoft Security Development Lifecycle for IT (Rob Labbé) | Presentation by Rob Labbe at Ottawa OWASP Chapter | Novice | May 2007 | Ottawa |
Application Denial of Service (Shaayy Cheen) | Is it Really That Easy? Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Fuzzing in Microsoft and FuzzGuru framework (John Neystadt) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Application Security, not just development (David Lewis) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Overtaking Google Desktop, Leveraging XSS to Raise Havoc (Yair Amit) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Unregister Attack in SIP (Anat Bremler-Barr, Ronit Halachmi-Bekel and Jussi Kangasharju) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Positive Security Model for Web Applications, Challenges and Promise (Ofer Shezaf) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
.NET Reverse Engineering (Erez Mettulla) | Presentation given at the Israel Mini Conference in May 2007 | Expert | May 2007 | Israel |
OWASP introduction (Ofer Shezaf) | 2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya | Intermediate | May 2007 | Israel |
Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H) | Update on Internet Attack Statistics for Belgium in 2006 | Novice | May 2007 | Belgium |
Securing Web Services using XML Security Gateways by Tim Bond | Securing Web Services using XML Security Gateways | Intermediate | May 2007 | Virginia (Northern Virginia) |
Software Assurance in the Acquisition Process by Stan Wisseman | Software Assurance in the Acquisition Process | Intermediate | May 2007 | Virginia (Northern Virginia) |
Legal Aspects of (Web) Application Security by Jos Dumortier | Legal Aspects of (Web) Application Security | Intermediate | May 2007 | Belgium |
AppSec Research (University Leuven Belgium) | Formal absence of implementation bugs in web applications: a case study on indirect data sharing by Lieven Desmet | Expert | May 2007 | Belgium |
A Scanner Sparkly | A Scanner Sparkly, taken from the Phoenix OWASP presentations on Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
Grey Box Assessment Lessons Learned | "Grey Box Assessment Lessons Learned", taken from the Phoenix OWASP presentations, Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
OWASP Update and OWASP BeLux Board Presentation (Seba) | OWASP Update and OWASP BeLux Board Presentation | Novice | May 2007 | Belgium |
OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
XSS Worms (Sven Vetsch) | XSS Worms | Intermediate | Feb 2007 | Switzerland |
OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
WebGoat and Pantera presentation (Philippe Bogaerts) | WebGoat and Pantera presentation | Novice | Jan 2007 | Belgium |
Security implications of AOP for secure software (Bart De Win) | Security implications of AOP for secure software | Expert | Jan 2007 | Belgium |
testing for common security flaws (David Byrne) | testing for common security flaws | Intermediate | Nov 2006 | Denver |
40-ish slides on analyzing threats (Olli) | Analyzing Threats | Novice | Dec 2006 | Helsinki |
Attacking the Application (Dave Ferguson) | Vulnerabilities, attacks and coding suggestions | Intermediate | Dec 2006 | Kansas City |
Ajax Security Concerns (Rohini Sulatycki) | Ajax Security Concerns | Intermediate | Dec 2006 | Kansas City |
Anatomy of 2 Web Application Testing (Matteo Meucci) | Anatomy of 2 Web Application Testing | Intermediate | Mar 2006 | Italy |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | Mon Year | Chapter |