Difference between revisions of "OWASP & WASC AppSec 2008 Conference"
| Line 2: | Line 2: | ||
* Call for papers [[CFPFAQ | READ FAQ ]], trainers and sponsors is now offically open. All submissions needs to be sent to tomb(at)owasp.org any questions, call 973-202-0122 | * Call for papers [[CFPFAQ | READ FAQ ]], trainers and sponsors is now offically open. All submissions needs to be sent to tomb(at)owasp.org any questions, call 973-202-0122 | ||
| + | |||
| + | <hr> | ||
| + | <h1>Tuesday - October 7th</h1> | ||
| + | <table border=1 width=950> | ||
| + | <tr> <th width=50> Time </th> <th width=300> Build it! </th> <th width=300> Break it!</th> <th width=300> Bring it on!</th></tr> | ||
| + | <tr><th>930</th><th colspan=3>Registration Opens </th></tr> | ||
| + | <tr><th>945</th><th colspan=3>Administrivia </th></tr> | ||
| + | |||
| + | <tr><th>1000</th><td>Active 802.11 Fingerprinting: Gibberish and "Secret Handshakes" to Know Your AP<br><i>Sergey Bratus, Cory Cornelius and Daniel Peebles</i></td> | ||
| + | <td>Virtual Worlds - Real Exploits<br><i>Charlie Miller and Dino Dai Zovi</i></td> | ||
| + | <td>Climbing EVEREST - An Inside Look at Voting Systems Used in the US<br><i>Sandy Clark, Eric Cronin, Gaurav Shah and Matt Blaze</i></td></tr> | ||
| + | |||
| + | <tr><th>1100</th><td>SIPing Your Network<br><I>Radu State, Humberto Abdelnur, and Olivier Festor</i></td> | ||
| + | <td>Smarter Password Cracking<br><i>Matt Weir</i></td> | ||
| + | <td>Forced Internet Condom<br><i>Aaron Higbee and Jaime Fuentes</i></td></tr> | ||
| + | |||
| + | <tr><th>1200</th><td>They're Hacking Our Clients! Why are We Focusing Only on the Servers<br><i>Jay Beale</i></td> | ||
| + | <td>21st Century Shellcode for Solaris<br><i>Tim Vidas</i></td> | ||
| + | <td>A Hacker Looks Past 50<br><i>G. Mark Hardy</i></td></tr> | ||
| + | |||
| + | <tr><th>1300</th><th colspan=3>Lunch </th></tr> | ||
| + | |||
| + | <tr><th>1400</th><td>Passive Host Characterization<br><i> Matthew Wollenweber</i></td> | ||
| + | <td>Why are Databases so Hard to Secure<br><i>Sheeri Cabral</i></td> | ||
| + | <td>TL1 Device Security<br><i>Rachel Bicknell</i></td></tr> | ||
| + | |||
| + | <tr><th>1500</th><td>Practical Hacker Crypto<br><i>Simple Nomad</i></td> | ||
| + | <td>VoIP Penetration Testing: Lessons Learned<br><i>John Kindervag and Jason Ostrom</i></td> | ||
| + | <td>I Will Be Your Eyes and Hands: Colossal Cave, Adventure and Reality<br><i>Jason Scott</i></td></tr> | ||
| + | |||
| + | <tr><th>1600</th><td>Using Aspect Oriented Programming to Prevent Application Attacks<br><i>Rohit Sethi and Nish Bhalla</i></td> | ||
| + | <td>Got Citrix? Hack It!<br><i>Shanit Gupta</i></td> | ||
| + | <td>You Must Be This Tall to Ride the Security Ride<br><i>Joel Wilbanks and Pete Caro</i></td></tr> | ||
| + | |||
| + | <tr><th>1700</th><td>Flash Drives & Solid State Drives Data Recovery Comparison to Hard Drives: Animated<br><i>Scott Moulton</i></td> | ||
| + | <td>Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to "SPIKE Land"<br><i>Enno Rey and Daniel Mende</i></td> | ||
| + | <td>Legal Issues for Bot-net Researchers and Mitigators<br><i>Alexander Muentz</i></td></tr> | ||
| + | <tr><th>1830</th><th colspan=3>Hack or Halo </th></tr> | ||
| + | <tr><th>2100</th><th colspan=3>Saturday Night Party @ TBD </th></tr> | ||
| + | </table> | ||
| + | <br> | ||
| + | |||
| + | <h1> Wednesday - October 8th</h1> | ||
| + | |||
| + | <table border=1 width=950> | ||
| + | <tr> <th width=50> Time </th> <th width=300> Build it! </th> <th width=300> Break it!</th> <th width=300> Bring it on!</th></tr> | ||
| + | <tr><th>0930</th><th colspan=3>Registration Opens </th></tr> | ||
| + | <tr><th>0945</th><th colspan=3>Administrivia </th></tr> | ||
| + | |||
| + | <tr><th>1000</th><td>Hacking Windows Vista Security<br><i>Dan Griffin </i></td> | ||
| + | <td>Malware Software Armoring Circumvention<br><i>Danny Quist</i></td> | ||
| + | <td>When Lawyers Attack! Dealing with the New Rules of Electronic Discovery<br><i>John Benson, Esq.<i></td></tr> | ||
| + | |||
| + | <tr><th>1100</th><td>Vulncatcher: Fun with Vtrace and Programmatic Debugging<br><i>atlas</i></td> | ||
| + | <td>0wn the Con<br><i>The Shmoo Group</i></td> | ||
| + | <td>The Geek and the Gumshoe or Can Mathematics and Computers Really Solve Crimes?<br><i>Michael Schearer and Frank Thornton</i></td></tr> | ||
| + | |||
| + | <tr><th>1200</th><td>Path X: Explosive Security Testing Tools using XPath<br><i>Andre Gironda, Marcin Wielgoszewski and Tom Stracener</i></td> | ||
| + | <td>PEAP: Pwned Extensible Authentication Protocol<br><i>Josh Wright and Brad Antoniewicz</i></td> | ||
| + | <td>How do I Pwn Thee? Let Me Count the Ways<br><i>RenderMan</i></td></tr> | ||
| + | <tr><th>1300</th><th colspan=3>Room Split </th></tr> | ||
| + | <tr><th>1330</th><th colspan=3>Something Really Cool </th></tr> | ||
| + | <tr><th>1430</th><th colspan=3>Closing Remarks </th></tr> | ||
| + | |||
| + | </table> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | <hr> | ||
| + | |||
| + | |||
| + | |||
== Seminars - Track 1 / Track 2 / Track 3 == | == Seminars - Track 1 / Track 2 / Track 3 == | ||
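Review bot: in the Wednesday 1000 row of the added schedule, the speaker cell `<i>John Benson, Esq.<i></td></tr>` opens a second `<i>` instead of closing with `</i>`, so the italic run never closes and spills into the 1100 row; change it to `</i>`. The Tuesday 1100 row opens with `<I>` where every other row uses `<i>`. The Tuesday table also lists "Saturday Night Party @ TBD" at 2100 under the heading "Tuesday - October 7th", so either the row label or the heading needs correcting. Times are written `930`/`945` in the Tuesday table and `0930`/`0945` in the Wednesday table; use one form in both.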
Revision as of 02:05, 1 February 2008
OWASP NYC AppSec 2008 Conference October 7th - 10th 2008
- Call for papers (READ FAQ), trainers and sponsors is now officially open. All submissions need to be sent to tomb(at)owasp.org; for any questions, call 973-202-0122
Tuesday - October 7th
| Time | Build it! | Break it! | Bring it on! |
|---|---|---|---|
| 930 | Registration Opens | | |
| 945 | Administrivia | | |
| 1000 | Active 802.11 Fingerprinting: Gibberish and "Secret Handshakes" to Know Your AP<br>*Sergey Bratus, Cory Cornelius and Daniel Peebles* | Virtual Worlds - Real Exploits<br>*Charlie Miller and Dino Dai Zovi* | Climbing EVEREST - An Inside Look at Voting Systems Used in the US<br>*Sandy Clark, Eric Cronin, Gaurav Shah and Matt Blaze* |
| 1100 | SIPing Your Network<br>*Radu State, Humberto Abdelnur, and Olivier Festor* | Smarter Password Cracking<br>*Matt Weir* | Forced Internet Condom<br>*Aaron Higbee and Jaime Fuentes* |
| 1200 | They're Hacking Our Clients! Why are We Focusing Only on the Servers<br>*Jay Beale* | 21st Century Shellcode for Solaris<br>*Tim Vidas* | A Hacker Looks Past 50<br>*G. Mark Hardy* |
| 1300 | Lunch | | |
| 1400 | Passive Host Characterization<br>*Matthew Wollenweber* | Why are Databases so Hard to Secure<br>*Sheeri Cabral* | TL1 Device Security<br>*Rachel Bicknell* |
| 1500 | Practical Hacker Crypto<br>*Simple Nomad* | VoIP Penetration Testing: Lessons Learned<br>*John Kindervag and Jason Ostrom* | I Will Be Your Eyes and Hands: Colossal Cave, Adventure and Reality<br>*Jason Scott* |
| 1600 | Using Aspect Oriented Programming to Prevent Application Attacks<br>*Rohit Sethi and Nish Bhalla* | Got Citrix? Hack It!<br>*Shanit Gupta* | You Must Be This Tall to Ride the Security Ride<br>*Joel Wilbanks and Pete Caro* |
| 1700 | Flash Drives & Solid State Drives Data Recovery Comparison to Hard Drives: Animated<br>*Scott Moulton* | Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to "SPIKE Land"<br>*Enno Rey and Daniel Mende* | Legal Issues for Bot-net Researchers and Mitigators<br>*Alexander Muentz* |
| 1830 | Hack or Halo | | |
| 2100 | Saturday Night Party @ TBD | | |
Wednesday - October 8th
| Time | Build it! | Break it! | Bring it on! |
|---|---|---|---|
| 0930 | Registration Opens | | |
| 0945 | Administrivia | | |
| 1000 | Hacking Windows Vista Security<br>*Dan Griffin* | Malware Software Armoring Circumvention<br>*Danny Quist* | When Lawyers Attack! Dealing with the New Rules of Electronic Discovery<br>*John Benson, Esq.* |
| 1100 | Vulncatcher: Fun with Vtrace and Programmatic Debugging<br>*atlas* | 0wn the Con<br>*The Shmoo Group* | The Geek and the Gumshoe or Can Mathematics and Computers Really Solve Crimes?<br>*Michael Schearer and Frank Thornton* |
| 1200 | Path X: Explosive Security Testing Tools using XPath<br>*Andre Gironda, Marcin Wielgoszewski and Tom Stracener* | PEAP: Pwned Extensible Authentication Protocol<br>*Josh Wright and Brad Antoniewicz* | How do I Pwn Thee? Let Me Count the Ways<br>*RenderMan* |
| 1300 | Room Split | | |
| 1330 | Something Really Cool | | |
| 1430 | Closing Remarks | | |
Seminars - Track 1 / Track 2 / Track 3
| Day 1 - October 7, 2008 | ||
|---|---|---|
| Track 1: | Track 2: | |
| 08:00-09:00 | Registration and Coffee | |
| 09:00-09:15 | OWASP AppSec 2008 Kick Off: Jeff Williams, Dave Wichers, Tom Brennan, Dinis Cruz & Sebastien Deleersnyder - OWASP Foundation Board Members | |
| 09:10-10:00 | Keynote: Special Guest | |
| 10:00-10:45 | Panel: Industry Roundtable<br>Moderator: Tom Brennan<br>Panelists: Jennifer Bayuk, CISO, Bear Stearns; Warren Axelrod, SVP, Bank of America; Jim Routh, CISO, DTCC | |
| 11:00-11:45 | Speaker2 | |
| 12:00-12:45 | Speaker3 | |
| 13:00-14:00 | Topic: W3AF is a Web application attack and Audit Framework<br>Speaker: Andres Riancho, a student at UBA and an information security geek who lives in Argentina. He has contributed to other open source projects and sporadically writes for SecureArg, an information security site he co-founded | Speaker5 |
| 12:45-13:45 | Speaker6 | |
| 13:45-14:30 | Speaker7 | Topic: Hacking Intranets Through Web Interfaces<br>Speaker: Robert "RSNAKE" Hansen |
| 14:30-15:10 | Speaker9 | Speaker10 |
| 15:10-15:30 | Break | |
| 15:30-16:40 | Speaker11 | Speaker12 |
| 16:40-17:00 | Break | |
| 17:00-18:00 | Panel: Security Roundtable<br>Moderator: TBD<br>Panelists: Chris Stangle, FBI Cybercrimes, TBD, TBD, TBD, TBD | |
| 18:00-19:00 | OWASP Worldwide Chapter Leader Meeting | |
| 19:00-21:00 | OWASP Social Gathering: Dinner and Drinks | |
| Day 2 - October 8th, 2008 | ||
| Track 1: | Track 2: | |
| 08:00-09:00 | Coffee | |
| 09:00-9:50 | Keynote: tbd | |
| 9:50-10:30 | tbd | |
| 10:30-10:50 | Break | |
| 10:50-11:30 | tbd | tbd |
| 11:30-12:30 | tbd | tbd |
| 12:30-13:45 | Lunch | |
| 13:45-14:30 | tbd | tbd |
| 14:30-15:20 | tbd | tbd |
| 15:20-15:40 | Break | |
| 15:40-16:30 | tbd | tbd |
| 16:30-17:30 | Panel: Responsible "tbd"<br>Moderator: tbd<br>Panelists: tbd | Panel: "tbd"<br>Moderator: tbd<br>Panelists: tbd |
| 17:30-17:45 | Conference Wrap Up | |
| 18:30-20:30 | Cocktail Party (tbd?) | |
Track 3:
| Day 1 - May 22, 2008 | ||
|---|---|---|
| Track 3: | ||
| 11:10-11:30 | Break | |
| 11:30-12:30 | tbd | |
| 12:30-13:45 | Lunch | |
| 13:45-14:30 | tbd | |
| 14:30-15:10 | tbd | |
| 15:10-15:30 | Break | |
| 15:30-16:40 | tbd | |
| Day 2 - May 23, 2008 | ||
|---|---|---|
| Track 3: | ||
| 11:10-11:30 | Break | |
| 11:30-12:30 | tbd | |
| 12:30-13:45 | Lunch | |
| 13:45-14:30 | tbd | |
| 14:30-15:10 | tbd | |
| 15:10-15:30 | Break | |
| 15:30-16:40 | tbd | |
Technology Expo - October 7th - 8th
Want to see the latest offerings from best of breed technology firms? For 2 days, Product/Service vendors worldwide will demonstrate their ability to conference attendees.
To be a vendor at this event please contact Tom Brennan at tomb (at) owasp.org or 973-202-0122
OWASP AppSec 2008 Training Courses - October 9th and 10th 2008
| T1. Building and Testing Secure Web Applications |
|---|
| This powerful two-day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how easily application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities into their code. |
| T2. Application Security Forensics |
| How would you respond to an application security hack? This course will provide insight into the world of forensics with a focus on Web Application Security |
| T3. TBD |
| tbd Read more here! |
| T4. TBD |
| tbd Read more here! |
| T5. TBD |
| TBD |
To be a trainer at this event please contact Tom Brennan at tomb (at) owasp.org or 973-202-0122