
Difference between revisions of "OWASP AppSec India Conference 2008"

(OWASP AppSec India Conference 2008 - August 20th-21st 2008)
(OWASP AppSec India Conference 2008 Schedule – August 20th - August 21st)
Line 12: Line 12:
 
<BR>
 
<BR>
 
== OWASP AppSec India Conference 2008 Schedule – August 20th - August 21st ==
 
== OWASP AppSec India Conference 2008 Schedule – August 20th - August 21st ==
 +
{| style="width:80%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – August 20th, 2008
 +
|-
 +
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 08:15 hrs - 9:00 hrs || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Registrations and Welcome Tea / Coffee'''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 09:15-10:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Introduction, OWASP Version 3.0 where we are.. where we are going
 +
''OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 10:30-11:30 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
 +
''Robert "RSnake" Hansen CEO [http://www.sectheory.com SecTheory]''
 +
| style="width:30%; background:#BCA57A" align="left" | Offensive Assessing Financial Apps
 +
''Daniel Cuthbert''
 +
| style="width:30%; background:#7B8ABD" align="left" | Web Intrusion Detection with ModSecurity
 +
''Ivan Ristic''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:30%; background:#BC857A" align="left" | Reverse Engineering .NET
 +
''Adam Boulton''
 +
| style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz] 0.1 - 1.1: [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Building a Java Fuzzer for the Web]
 +
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou] - Senior Director - [http://www.ouncelabs.com Ounce Labs] ''
 +
| style="width:30%; background:#7B8ABD" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP LIVE CD]
 +
''Joshua Perrymon - CEO [http://www.packetfocus.com Packetfocus]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 12:30-13:30 || style="width:30%; background:#BC857A" align="left" | [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
 +
''Gunter Ollmann, Director Security Strategy, [http://www.iss.net IBM Internet Security Systems]''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP CLASP
 +
''Pravir Chandra''
 +
| style="width:30%; background:#7B8ABD" align="left" | Shootout at the Blackbox Corral
 +
''Dinis Cruz & Larry Suto''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 13:30-14:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
 +
Moderator: Mahi Dontamsetti
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af, a framework to own the web] -
 +
[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho ''Andres Riancho''], [http://www.cybsec.com/ Cybsec]
 +
 +
| style="width:30%; background:#BCA57A" align="left" | [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What's_hot_for_2008 | Trends in Web Hacking: What's hot in 2008<br/>Analysis of the Web Hacking Incidents Database (WHID)]]
 +
''[http://blog.shezaf.com Ofer Shezaf], Breach''
 +
| style="width:30%; background:#7B8ABD" align="left" | Security in Agile Development
 +
''Dave Wichers, COO [http://www.aspectsecurity.com Aspect Security]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 15:30-16:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/ESAPI OWASP Enterprise Security API (ESAPI) Project]
 +
''Jeff Williams, CEO [http://www.aspectsecurity.com Aspect Security]''
 +
| style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
 +
''Arshan Dabirsiaghi, Director of Research [http://www.aspectsecurity.com Aspect Security]''
 +
| style="width:30%; background:#7B8ABD" align="left" | "Threading the Needle:
 +
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks."
 +
''Arian Evans, Director of Operations [http://www.whitehatsec.com WhiteHat Security]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || style="width:30%; background:#BC857A" align="left" | Shhhh Don’t Tell Anybody
 +
''Petko D. Petkov, a.k.a. pdp''
 +
| style="width:30%; background:#BCA57A" align="left" | Secure PHP
 +
''Hans Zaunere, CEO [http://www.nyphp.com NYCPHP]''
 +
| style="width:30%; background:#7B8ABD" align="left" | Payment Card Data Security and the new Enterprise Java
 +
''Dr. B. V. Kumar & Mr. Abhay ''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 17:30-18:30 || style="width:30%; background:#BC857A" align="left" | Notes Security
 +
''Jian Hui Wang''
 +
| style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
 +
''Taylor McKinley and Jacob West''
 +
| style="width:30%; background:#7B8ABD" align="left" | AppSec Techniques
 +
''JD Glaser, CEO [http://www.ntobjectives.com/company/management.php NTO Objectives]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Web Application Capture the Flag - [http://isis.poly.edu/projects Polytechnic University]'''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 20:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | ''' Speaker/Attendee Reception'''
 +
|-
 +
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 8:00-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Breakfast @ Tech-Expo
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 0900-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''"We have all the tools, policies, frameworks, documents, community support available what works... what does not?" '  Industry Panel: Arian J. Evans, Jeremiah Grossman, Gunter Ollmann, Ofer Shezaf,  Moderator: Daniel Cuthbert''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 10:00-11:00 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
 +
''John Steven''
 +
| style="width:30%; background:#BCA57A" align="left" | [http://reversebenchmarking.com Open Reverse Benchmarking Project]
 +
''Marce Luck & Tom Stracener''
 +
| style="width:30%; background:#7B8ABD" align="left" | Building Usable Security
 +
''Zed Abbadi''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 11:00-12:00 || style="width:30%; background:#BC857A" align="left" | Offshoring Application Development? Security is Still Your Problem
 +
''Rohyt Belani''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP Orizon Project
 +
''Paolo Perego''
 +
| style="width:30%; background:#7B8ABD" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
 +
''Vadim Okun''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || style="width:30%; background:#BC857A" align="left" | The Art and Nature of Web Application Security
 +
''Mano Paul CEO [http://www.expresscertifications.com Express Certifications]''
 +
| style="width:30%; background:#BCA57A" align="left" | Software Liability
 +
''Jack Danahy''
 +
| style="width:30%; background:#7B8ABD" align="left" | Cross-Site Scripting Filter Evasion
 +
''Alexios Fakos''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 13:00-14:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Projects "Dinis Cruz & OWASP Project Leaders"
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 14:00-15:00 || style="width:30%; background:#BC857A" align="left" | Projects with OWASP
 +
''Steve Malson''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP Pantera Advances
 +
''Simon Roses Femerling''
 +
| style="width:30%; background:#7B8ABD" align="left" | Software-as-a-Service (SaaS)
 +
''James Landis''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 15:00-16:00 || style="width:30%; background:#BC857A" align="left" | "Out of Band" Injection
 +
''Vijay Akasapu & Marshall Heilman''
 +
| style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
 +
''Christian Heinrich''
 +
| style="width:30%; background:#7B8ABD" align="left" | Caution, Java ahead
 +
''Jeremiah Grossman CTO [http://www.whitehatsec.com WhiteHat Security]''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 16:00-17:00 || style="width:30%; background:#BC857A" align="left" | [[Input validation: the Good, the Bad and the Ugly]]
 +
''[[Johan Peeters]]''
 +
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
 +
''Ayal Yogev & Yuval Baror''
 +
| style="width:30%; background:#7B8ABD" align="left" | Learning the .Net Debugging API
 +
''Kevin Spett''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:30%; background:#BC857A" align="left" | Secure System Development Life Cycle (SSDLC) Methodology for SOA
 +
''Ken Huang''
 +
| style="width:30%; background:#BCA57A" align="left" |  Web Security Education using Open Source Tools
 +
''Prof. Li-Chiou Chen & Chienitng Lin''
 +
| style="width:30%; background:#7B8ABD" align="left" | Friend or Foe: Penetration Testing VS Source Code Analysis
 +
''Tom Ryan''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Closing Remarks / CTF Awards / Raffles'''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 21:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Farewell dinner.. Go secure the world'''
 +
|}
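Review bot: The Day 2 header row added here reads "Day 2 – Sept 25th, 2008", which conflicts with the section heading ("August 20th - August 21st") and with the Day 1 header ("August 20th, 2008"); it should carry the August 21st date. Several session links in the added rows point at OWASP_NYC_AppSec_2008_Conference speaker pages, which suggests the table was copied from another event's schedule and should be checked row by row before it is published. Two smaller points: the track header row defines only "Track 1:" while the session rows carry three track cells, and the "0900-10:00" panel row overlaps the "8:00-10:00" breakfast row and opens bold with ''' but closes with ''.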

Revision as of 19:01, 3 June 2008


OWASP AppSec India Conference 2008 - August 20th-21st 2008

The Delhi Chapter invites you to one (1) day of conference on the theme "Application Security - Trends and Challenges", with technology from the world's most regarded application security leaders and experts, and one (1) day of extensive hands-on, multi-track workshops, all to be held at Hotel Intercontinental EROS, New Delhi.

Event Fees:
INR. 5,000 (approx. USD 125) for 1 day of conference
INR. 10,000 (approx. USD 250) for 1-day hands-on workshop.



Event Sponsors

Please contact OWASP Delhi chapter board for sponsorship opportunities.



OWASP AppSec India Conference 2008 Schedule – August 20th - August 21st

Day 1 – August 20th, 2008
Track 1:

08:15 hrs - 9:00 hrs: Registrations and Welcome Tea / Coffee

09:15-10:15: Introduction, OWASP Version 3.0 where we are.. where we are going
OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers

10:30-11:30
* Logic Attacks and Inefficiencies of Robotic Detection - Robert "RSnake" Hansen CEO SecTheory
* Offensive Assessing Financial Apps - Daniel Cuthbert
* Web Intrusion Detection with ModSecurity - Ivan Ristic

11:30-12:30
* Reverse Engineering .NET - Adam Boulton
* JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web - Yiannis Pavlosoglou - Senior Director - Ounce Labs
* OWASP LIVE CD - Joshua Perrymon - CEO Packetfocus

12:30-13:30
* Multidisciplinary Bank Attacks - Gunter Ollmann, Director Security Strategy, IBM Internet Security Systems
* OWASP CLASP - Pravir Chandra
* Shootout at the Blackbox Corral - Dinis Cruz & Larry Suto

13:30-14:30: Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
Moderator: Mahi Dontamsetti

14:30-15:30
* w3af, a framework to own the web - Andres Riancho, Cybsec
* Trends in Web Hacking: What's hot in 2008. Analysis of the Web Hacking Incidents Database (WHID) - Ofer Shezaf, Breach
* Security in Agile Development - Dave Wichers, COO Aspect Security

15:30-16:30
* OWASP Enterprise Security API (ESAPI) Project - Jeff Williams, CEO Aspect Security
* Next Generation Cross Site Scripting Worms - Arshan Dabirsiaghi, Director of Research Aspect Security
* "Threading the Needle: Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks." - Arian Evans, Director of Operations WhiteHat Security

16:30-17:30
* Shhhh Don’t Tell Anybody - Petko D. Petkov, a.k.a. pdp
* Secure PHP - Hans Zaunere, CEO NYCPHP
* Payment Card Data Security and the new Enterprise Java - Dr. B. V. Kumar & Mr. Abhay

17:30-18:30
* Notes Security - Jian Hui Wang
* Mastering PCI Section 6.6 - Taylor McKinley and Jacob West
* AppSec Techniques - JD Glaser, CEO NTO Objectives

18:30: Web Application Capture the Flag - Polytechnic University

20:00: Speaker/Attendee Reception

Day 2 – Sept 25th, 2008

8:00-10:00: Breakfast @ Tech-Expo

09:00-10:00: "We have all the tools, policies, frameworks, documents, community support available what works... what does not?" Industry Panel: Arian J. Evans, Jeremiah Grossman, Gunter Ollmann, Ofer Shezaf, Moderator: Daniel Cuthbert

10:00-11:00
* Practical Advanced Threat Modeling - John Steven
* Open Reverse Benchmarking Project - Marce Luck & Tom Stracener
* Building Usable Security - Zed Abbadi

11:00-12:00
* Offshoring Application Development? Security is Still Your Problem - Rohyt Belani
* OWASP Orizon Project - Paolo Perego
* NIST SAMATE Static Analysis Tool Exposition (SATE) - Vadim Okun

12:00-13:00
* The Art and Nature of Web Application Security - Mano Paul CEO Express Certifications
* Software Liability - Jack Danahy
* Cross-Site Scripting Filter Evasion - Alexios Fakos

13:00-14:00: OWASP Projects "Dinis Cruz & OWASP Project Leaders"

14:00-15:00
* Projects with OWASP - Steve Malson
* OWASP Pantera Advances - Simon Roses Femerling
* Software-as-a-Service (SaaS) - James Landis

15:00-16:00
* "Out of Band" Injection - Vijay Akasapu & Marshall Heilman
* OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth - Christian Heinrich
* Caution, Java ahead - Jeremiah Grossman CTO WhiteHat Security

16:00-17:00
* Input validation: the Good, the Bad and the Ugly - Johan Peeters
* Flash Parameter Injection (FPI) - Ayal Yogev & Yuval Baror
* Learning the .Net Debugging API - Kevin Spett

17:00-18:00
* Secure System Development Life Cycle (SSDLC) Methodology for SOA - Ken Huang
* Web Security Education using Open Source Tools - Prof. Li-Chiou Chen & Chienitng Lin
* Friend or Foe: Penetration Testing VS Source Code Analysis - Tom Ryan

18:30: Closing Remarks / CTF Awards / Raffles

21:00: Farewell dinner.. Go secure the world