Revision as of 21:21, 6 July 2008

1 2008 OWASP USA, NYC

2008 OWASP USA, NYC

Last Update: 07/6/2008

Diamond Sponsor 1/1 -

Platinum Sponsor 2/3 -

-

Gold, Silver & Other Sponsors - - - - - - - - - - - - -

Sponsorship Opportunities -- Press Registration -- Other OWASP Member Offers

In association with: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, ISACA, ISSA and Pace University you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at Pace University, located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 Members / $400 Non-Members / $200 for Students for 2 days of hands on training classes are also available.

To Get more involved and discuss this upcoming event click here for forums or visit other OWASP member offers

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th

OWASP Speaker Agreement

Day 1 – Sept 24th, 2008
	Track 1:	Track 2:	Track 3:
07:30-10:00	Doors Open for Attendee/Speaker Registration & Exhibit/Sponsor Area
09:00-09:45	OWASP Version 3.0 who we are, where we are.. where we are going OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder, Paolo Perego, Kate Hartmann & Alison Shrader
10:00-10:45	Analysis of the Web Hacking Incidents Database (WHID) Ofer Shezaf	Web Application Security Road Map Joe White	Got Security? Kenneth R. van Wyk
11:00-11:45	Web Security Education using Open Source Tools Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ	Http Bot Research Andre M. DiMino - ShadowServer Foundation	MalSpam Research Garth Bruen
12:00-13:00	Capture the Flag Sign-Up LUNCH - Provided by event sponsors @ TechExpo
13:00-13:45	Offensive Assessing Financial Applications Daniel Cuthbert	WAF ModSecurity Ivan Ristic	OWASP & NYC David Stern
14:00-14:45	Logic Attacks and Inefficiencies of Robotic Detection Robert "RSnake" Hansen, CEO SecTheory	Reverse Engineering .NET Adam Boulton	JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web Yiannis Pavlosoglou
15:00-15:45	Industry Panel w/ Jennifer Bayuk CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs	Wild Wild Web on Security Planet Mano Paul CEO Express Certifications	Multidisciplinary Bank Attacks Gunter Ollmann
16:00-16:45	OWASP Enterprise Security API (ESAPI) Project Jeff Williams	Shootout @ Blackbox Corral Larry Suto	80% 10% 10% Andy Steingruebl, Security @ PayPal
17:00-17:45	Threading the Needle: Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks Arian Evans	Shhhh Don’t Tell Anybody Petko D. Petkov	W3AF Open Source App Scanner Andres Riancho
18:00-18:45	OWASP Live CD Joshua Perrymon	Coding Secure w/PHP Hans Zaunere	Payment Card Data Security and the new Enterprise Java Dr. B. V. Kumar & Mr. Abhay Bhargav
20:00-23:00	OWASP NYC AppSec 2008 VIP Party Location: TBD
Day 2 – Sept 25th, 2008
08:00-10:00	BREAKFAST - Provided by event sponsors @ TechExpo
0800-08:45	Prof. Howard A. Schmidt, CISSP, CISM (Hon.) \| Current (ISC)² Security Strategist and Former White House Cyber Security Advisor
09:00-09:45	Good vs. Evil JavaScript Jeremiah Grossman	OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth Christian Heinrich	Web Security Education using Open Source Tools Prof. Li-Chiou Chen & Chienitng Lin of Pace Univ.
10:00-10:45	OWASP Update Dinis Cruz/Jeff Williams + Surprise Guest	OWASP Topic SPEAKER TBD	OWASP Topic Speaker TBD
11:00-11:45	CLASP (Comprehensive, Lightweight Application Security Process) Pravir Chandra	Next Generation Cross Site Scripting Worms Arshan Dabirsiaghi	Secure Software Impact Jack Danahy
12:00-12:45	Security in Agile Development Dave Wichers	Security of Software-as-a-Service (SaaS) James Landis	Open Reverse Benchmarking Project Marce Luck & Tom Stracener ]
12:00-13:00	Capture the Flag Status LUNCH - Provided by event sponsors @ TechExpo
13:00-13:45	Security Research Report Dinis Cruz	Pantera Advances Simon Roses Femerling	Lotus Notes Insecurity Jian Hui Wang
14:00-14:45	Practical Advanced Threat Modeling John Steven	Owasp Orizon Paolo Perego	Building Usable Security Zed Abbadi
15:00-15:45	Input validation: the Good, the Bad and the Ugly Johan Peeters	Offshoring Application Development? Security is Still Your Problem Rohyt Belani	NIST SAMATE Static Analysis Tool Exposition (SATE) Vadim Okun
16:00-16:45	TOPIC SPEAKER	Flash Parameter Injection (FPI) Ayal Yogev & Yuval Baror	Cross-Site Scripting Filter Evasion Alexios Fakos
17:00-17:45	Wizdom of Crowds / CTF Awards & Raffles
18:30-19:30	OWASP Foundation, Chapter Leader Meeting

Technology Pavilion - September 24th and 25th

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th. 2 full days of exhibits by service providers and manufacturers from around the world.

Do you want to preview the event space Click Here

OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008

T1. Defensive Programming - 2-Days - $1350

This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software Learn More Here

Instructor: Jason Rouse, Sr. Consultant,

T2. Secure Coding for Java EE - 2-Days - $1350
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including: Java EE security overview, All coding examples and recommendations are specifically focused on Java and Java servers, and 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class. Learn More Here Instructor: This tutorial is provided by longtime OWASP contributor:
T3. Web Services and XML Security - 2-Days - $1350
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here Instructor: Gunnar Peterson
T4. Advanced Web Application Security Testing - 2-Days - $1350
Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here Instructor: This tutorial is provided by longtime OWASP contributor:
T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here Instructor: This tutorial is provided by longtime OWASP contributor:
T7. Encryption Programming Using SKSML - 2-Days - $1350
Application developers are increasingly required to protect sensitive data through encryption. While there are many libraries that can assist with cryptography, there are few to none that focus on encryption key management. This class will introduce you to an OASIS standards protocol - Symmetric Key Services Markup Language (SKSML) - and show you how it can be used to securely encrypt sensitive data and manage encryption keys across the enterprise. Learn More Here Instructor: Arshad Noor, CTO, StrongAuth Inc.

T8. Writing Secure Code ASP.NET - 2-Days - $1350

Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. Learn More Here

The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Conlultant, Alex Smolen.

HOTELS / TRAVEL

Hotels in the area of the event

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

EVENT SPONSORSHIP

The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

Sponsorship Opportunities- Register online: click here

Difference between revisions of "OWASP NYC AppSec 2008 Conference"

Revision as of 21:21, 6 July 2008

2008 OWASP USA, NYC

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th

Technology Pavilion - September 24th and 25th

OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008

HOTELS / TRAVEL

EVENT SPONSORSHIP

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 15: / Line 15: @@
 To Get more involved and discuss this upcoming event [http://owaspfoundation.ning.com click here for forums] or visit other OWASP [http://www.owasp.org/index.php/Member_Offers member offers]
 </center>
 == 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
 <center>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</center>
@@ Line 22: / Line 23: @@
   | style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:
   | style="width:30%; background:#BCA57A" | Track 2:
-  | style="width:30%; background:#7B8ABD" | Track 3:
+  | style="width:30%; background:#99FF99" | Track 3:
   |-
-  | style="width:10%; background:#7B8ABD" | 08:00-09:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Badge Registration, [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''
+  | style="width:10%; background:#7B8ABD" | 07:30-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Doors Open for Attendee/Speaker Registration & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#Technology_Pavilion_-_September_24th_and_25th Exhibit/Sponsor Area]'''
- |-
-  | style="width:10%; background:#7B8ABD" | 09:15-10:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Introduction, OWASP Version 3.0 where we are.. where we are going
+|-
-''OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers''
+  | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, where we are.. where we are going
- |-
+''[http://www.owasp.org/index.php/Contact OWASP Foundation]: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder, Paolo Perego, Kate Hartmann & Alison Shrader
-| style="width:10%; background:#7B8ABD" | 10:30-11:30 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
+''
-''Robert "RSnake" Hansen CEO [http://www.sectheory.com SecTheory]''
+|-
-  | style="width:30%; background:#BCA57A" align="left" | Offensive Assessing Financial Apps
+| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" |  [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)]
-''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
+''[http://blog.shezaf.com Ofer Shezaf]''
-| style="width:30%; background:#7B8ABD" align="left" | Web Intrusion Detection with ModSecurity
+ | style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map]  <br>
-''Ivan Ristic''
+''[http://joesecurity.blogspot.com Joe White]''
- |-
+| style="width:30%; background:#99FF99" align="left" | Got Security?
-| style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:30%; background:#BC857A" align="left" | Reverse Engineering .NET
+''[http://www.krvw.com/about/about.html Kenneth R. van Wyk]''
+|-
+| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | Web Security Education using Open Source Tools
+''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''
+ | style="width:30%; background:#BCA57A" align="left" | Http Bot Research
+''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''
+| style="width:30%; background:#99FF99" align="left" | MalSpam Research
+'' [http://www.knujon.com/bios.html Garth Bruen]''
+|-
+  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" |  [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
+''LUNCH - Provided by event sponsors @ TechExpo''
+|-
+| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Offensive Assessing Financial Applications
+'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
+ | style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
+''[http://www.thinkingstone.com/about/ivan-ristic.html Ivan Ristic]''
+| style="width:30%; background:#99FF99" align="left" | OWASP & NYC
+''[http://www.linkedin.com/in/davidstern2000 David Stern]''
+|-
+| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
+''[http://ha.ckers.org/blog/about Robert "RSnake" Hansen], CEO SecTheory''
+ | style="width:30%; background:#BCA57A" align="left" | Reverse Engineering .NET
 ''Adam Boulton''
- | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz] 0.1 - 1.1: [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Building a Java Fuzzer for the Web]
+| style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
-''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou] - Senior Director - [http://www.ouncelabs.com Ounce Labs] ''
+''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
-| style="width:30%; background:#7B8ABD" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP LIVE CD]
-''Joshua Perrymon - CEO [http://www.packetfocus.com Packetfocus]''
 |-
-| style="width:10%; background:#7B8ABD" | 12:30-13:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
+| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |Industry Panel w/ Jennifer Bayuk CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
-''Gunter Ollmann, Director Security Strategy, [http://www.iss.net IBM Internet Security Systems]''
+  | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
-  | style="width:30%; background:#BCA57A" align="left" | OWASP CLASP
+''[http://www.expresscertifications.com/company/execmgt.aspx Mano Paul] CEO Express Certifications''
-''Pravir Chandra''
+| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
-| style="width:30%; background:#7B8ABD" align="left" | Shootout at the Blackbox Corral
+''Gunter Ollmann''
-''Dinis Cruz & Larry Suto''
 |-
- | style="width:10%; background:#7B8ABD" | 13:30-14:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
+| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
-Moderator: Mahi Dontamsetti
+'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''
+ | style="width:30%; background:#BCA57A" align="left" | Shootout @ Blackbox Corral
+''Larry Suto ''
+| style="width:30%; background:#99FF99" align="left" | 80% 10% 10%
+'' [http://www.blogger.com/profile/07177656204885181542 Andy Steingruebl], Security @ PayPal''
 |-
-| style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af, a framework to own the web] -
+| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="left" | Threading the Needle:
-[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho ''Andres Riancho''], [http://www.cybsec.com/ Cybsec]
-  | style="width:30%; background:#BCA57A" align="left" | [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What's_hot_for_2008 | Trends in Web Hacking: What's hot in 2008<br/>Analysis of the Web Hacking Incidents Database (WHID)]]
+Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
-''[http://blog.shezaf.com Ofer Shezaf], Breach''
+'' [http://www.linkedin.com/in/arianevans Arian Evans]''
-| style="width:30%; background:#7B8ABD" align="left" | Security in Agile Development
+  | style="width:30%; background:#BCA57A" align="left" |Shhhh Don’t Tell Anybody
-''Dave Wichers, COO [http://www.aspectsecurity.com Aspect Security]''
+''[http://www.linkedin.com/in/ppetkov Petko D. Petkov]''
+| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho W3AF Open Source App Scanner]
+''Andres Riancho''
+|-
+| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
+'' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
+ | style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
+''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
+| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
+''Dr. B. V. Kumar & Mr. Abhay Bhargav''
+|-
+ | style="width:10%; background:#7B8ABD" | 20:00-23:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP NYC AppSec 2008 VIP Party
+''Location: TBD''
+|-
+! colspan="10" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
 |-
-| style="width:10%; background:#7B8ABD" | 15:30-16:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/ESAPI OWASP Enterprise Security API (ESAPI) Project]
+  | style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" |  BREAKFAST - Provided by event sponsors @ TechExpo
-''Jeff Williams, CEO [http://www.aspectsecurity.com Aspect Security]''
- | style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
-''Arshan Dabirsiaghi, Director of Research [http://www.aspectsecurity.com Aspect Security]''
-| style="width:30%; background:#7B8ABD" align="left" | "Threading the Needle:
-Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks."
-''Arian Evans, Director of Operations [http://www.whitehatsec.com WhiteHat Security]''
 |-
-| style="width:10%; background:#7B8ABD" | 16:30-17:30 || style="width:30%; background:#BC857A" align="left" | Shhhh Don’t Tell Anybody
+ | style="width:10%; background:#7B8ABD" | 0800-08:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | [http://www.aeispeakers.com/speakerbio.php?SpeakerID=1192 Prof. Howard A. Schmidt, CISSP, CISM (Hon.)] |
-''Petko D. Petkov, a.k.a. pdp''
+Current (ISC)² Security Strategist and Former White House Cyber Security Advisor
- | style="width:30%; background:#BCA57A" align="left" | Secure PHP
-''Hans Zaunere, CEO [http://www.nyphp.com NYCPHP]''
-| style="width:30%; background:#7B8ABD" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
-''[http://www.owasp.org/index.php/Dr_BV_Kumar_and_Mr_Abhay_Bhargav Dr. B. V. Kumar & Mr. Abhay Bhargav] ''
 |-
-| style="width:10%; background:#7B8ABD" | 17:30-18:30 || style="width:30%; background:#BC857A" align="left" | Notes Security
+| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="left" | Good vs. Evil JavaScript
-''Jian Hui Wang''
+''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman]''
-  | style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
+  | style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
-''Taylor McKinley and Jacob West''
+''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''
-| style="width:30%; background:#7B8ABD" align="left" | AppSec Techniques
+| style="width:30%; background:#99FF99" align="left" | Web Security Education using Open Source Tools
-''JD Glaser, CEO [http://www.ntobjectives.com/company/management.php NTO Objectives]''
+''Prof. Li-Chiou Chen & Chienitng Lin of Pace Univ.''
 |-
- | style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Capture the Flag - [http://isis.poly.edu/projects Polytechnic University] & OWASP Chapter Leader Meeting - '''
+| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | OWASP Update
+''Dinis Cruz/Jeff Williams + Surprise Guest''
+ | style="width:30%; background:#BCA57A" align="left" | OWASP Topic
+''SPEAKER TBD''
+| style="width:30%; background:#99FF99" align="left" | OWASP Topic
+''Speaker TBD''
 |-
- | style="width:10%; background:#7B8ABD" | 20:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | ''' Speaker/Attendee Reception'''
+| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP (Comprehensive, Lightweight Application Security Process)]
+''Pravir Chandra''
+ | style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
+''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''
+| style="width:30%; background:#99FF99" align="left" | Secure Software Impact
+''[http://ouncelabs.com/company/team.asp Jack Danahy]''
 |-
-! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
+| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Security in Agile Development
+''[http://www.owasp.org/index.php/User:Wichers Dave Wichers]''
+ | style="width:30%; background:#BCA57A" align="left" | Security of Software-as-a-Service (SaaS)
+''[http://www.linkedin.com/pub/6/372/45a James Landis]''
+| style="width:30%; background:#99FF99" align="left" | [http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]
+''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener] ]''
 |-
-  | style="width:10%; background:#7B8ABD" | 8:00-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Breakfast @ Tech-Expo
+  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Status
+''LUNCH - Provided by event sponsors @ TechExpo''
 |-
- | style="width:10%; background:#7B8ABD" | 0900-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | [http://www.aeispeakers.com/speakerbio.php?SpeakerID=1192 Prof. Howard A. Schmidt, CISSP, CISM (Hon.)] |
+| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | Security Research Report
-Current (ISC)² Security Strategist and Former White House Cyber Security Advisor
+''[http://www.linkedin.com/pub/5/742/233 Dinis Cruz]''
+ | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project Pantera Advances]
+''[http://www.linkedin.com/pub/1/598/855 Simon Roses Femerling]''
+| style="width:30%; background:#99FF99" align="left" | Lotus Notes Insecurity
+''Jian Hui Wang''
 |-
-| style="width:10%; background:#7B8ABD" | 10:00-11:00 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
+| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
 ''John Steven''
-  | style="width:30%; background:#BCA57A" align="left" | [http://reversebenchmarking.com Open Reverse Benchmarking Project]
+  | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project Owasp Orizon]
-''Marce Luck & Tom Stracener''
+''Paolo Perego''
-| style="width:30%; background:#7B8ABD" align="left" | Building Usable Security
+| style="width:30%; background:#99FF99" align="left" | Building Usable Security
 ''Zed Abbadi''
 |-
-| style="width:10%; background:#7B8ABD" | 11:00-12:00 || style="width:30%; background:#BC857A" align="left" | Offshoring Application Development? Security is Still Your Problem
+| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Input_validation:_the_Good%2C_the_Bad_and_the_Ugly Input validation: the Good, the Bad and the Ugly]
+''Johan Peeters''
+ | style="width:30%; background:#BCA57A" align="left" | Offshoring Application Development? Security is Still Your Problem
 ''Rohyt Belani''
- | style="width:30%; background:#BCA57A" align="left" | OWASP Orizon Project
+| style="width:30%; background:#99FF99" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
-''Paolo Perego''
-| style="width:30%; background:#7B8ABD" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
 ''Vadim Okun''
 |-
-| style="width:10%; background:#7B8ABD" | 12:00-13:00 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Wild_Wild_Web_on_Security_Planet Wild Wild Web on Security Planet]
+| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | TOPIC
-''[http://www.expresscertifications.com/company/execmgt.aspx Mano Paul] CEO [http://www.expresscertifications.com Express Certifications]''
+''SPEAKER''
- | style="width:30%; background:#BCA57A" align="left" | Software Liability
-''Jack Danahy''
-| style="width:30%; background:#7B8ABD" align="left" | Cross-Site Scripting Filter Evasion
-''Alexios Fakos''
-|-
- | style="width:10%; background:#7B8ABD" | 13:00-14:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Projects "Dinis Cruz & OWASP Project Leaders"
-|-
-| style="width:10%; background:#7B8ABD" | 14:00-15:00 || style="width:30%; background:#BC857A" align="left" | Projects with OWASP
-''Steve Malson''
- | style="width:30%; background:#BCA57A" align="left" | OWASP Pantera Advances
-''Simon Roses Femerling''
-| style="width:30%; background:#7B8ABD" align="left" | Software-as-a-Service (SaaS)
-''James Landis''
-|-
-| style="width:10%; background:#7B8ABD" | 15:00-16:00 || style="width:30%; background:#BC857A" align="left" | "Out of Band" Injection
-''Vijay Akasapu & Marshall Heilman''
- | style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
-''Christian Heinrich''
-| style="width:30%; background:#7B8ABD" align="left" | Caution, Java ahead
-''Jeremiah Grossman CTO [http://www.whitehatsec.com WhiteHat Security]''
-|-
-| style="width:10%; background:#7B8ABD" | 16:00-17:00 || style="width:30%; background:#BC857A" align="left" | [[Input validation: the Good, the Bad and the Ugly]]
-''[[Johan Peeters]]''
   | style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
 ''Ayal Yogev & Yuval Baror''
-| style="width:30%; background:#7B8ABD" align="left" | Learning the .Net Debugging API
+| style="width:30%; background:#99FF99" align="left" | Cross-Site Scripting Filter Evasion
-''Kevin Spett''
+''Alexios Fakos''
-|-
-| style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:30%; background:#BC857A" align="left" | Secure System Development Life Cycle (SSDLC) Methodology for SOA
-''Ken Huang''
- | style="width:30%; background:#BCA57A" align="left" |  Web Security Education using Open Source Tools
-''Prof. Li-Chiou Chen & Chienitng Lin''
-| style="width:30%; background:#7B8ABD" align="left" | Friend or Foe: Penetration Testing VS Source Code Analysis
-''Tom Ryan''
 |-
-  | style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Closing Remarks / CTF Awards / Raffles'''
+  | style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" |  '''Wizdom of Crowds / CTF Awards & Raffles'''
 |-
- | style="width:10%; background:#7B8ABD" | 21:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Farewell dinner.. Go secure the world'''
+  | style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting
 |}
 <center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>