|
|
| Line 4: |
Line 4: |
| | <br> | | <br> |
| | <hr> | | <hr> |
| − | <h2> This event is over... but the internet and video allows you to watch it again and again and again for FREE!!</h2>
| |
| − | <hr>
| |
| − | This vendor agnostic conference HAD tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends live Sept 24th - 25th and was presented by some of the brightest people in the industry. Watch the videos FREE OF CHARGE as OWASP is a different kind of organization.
| |
| | <hr> | | <hr> |
| | + | Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. <br><br> |
| | + | Below please find the videos from the OWASP APPSEC 2008, NYC event that took place on Sept 24th and 25th of 2008 scroll down and click on the video or the slides depending on what you want. |
| | + | |
| | + | *Note as of Oct 2nd, we are adding the videos as the become avail., so please check back often. |
| | | | |
| − | <center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br>
| |
| − | <br>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Platinum Sponsor] - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif] - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] - [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center><br>
| |
| − | [https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Gold, Silver, Expo & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.denimgroup.com http://www.owasp.org/images/5/56/Denimgroup.jpg] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
| |
| − | [http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
| |
| − | [http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
| |
| − | [http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
| |
| − | [http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] - [http://www.symantec.com https://www.owasp.org/images/2/26/New_Symantec_Logo.jpg] - [http://www.prevalent.net https://www.owasp.org/images/4/47/Prev_Logo_with_Tag_Line.jpg] - [http://www.mclabs.com https://www.owasp.org/images/9/91/MicroTek.jpg] - [http://www.protiviti.com https://www.owasp.org/images/c/cf/Protiviti.jpg]
| |
| − | <br>
| |
| − | <center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Sponsorship Opportunities] / [https://www.owasp.org/images/6/6e/Vendorfaq.pdf Vendor FAQ] -- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>
| |
| | <hr> | | <hr> |
| − |
| |
| − | <br>
| |
| | | | |
| | == 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th == | | == 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th == |
| Line 192: |
Line 182: |
| | | style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better! | | | style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better! |
| | |} | | |} |
| − |
| |
| − |
| |
| − | <center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>
| |
| − |
| |
| − | == Technology Pavilion - September 24th and 25th ==
| |
| − |
| |
| − | Want to see the latest offerings from technology product and service firms worldwide? Stop by the Technology Pavilion/TechExpo on September 24th and 25th.
| |
| − |
| |
| − | Do you want to preview the event space [http://www.parkcentralny.com/meetings/floor_plans.cfm Click Here]
| |
| − |
| |
| − | <hr>
| |
| − |
| |
| − | == CPE Credits ==
| |
| − |
| |
| − | Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.
| |
| − |
| |
| − | '''The CISM cpe policy (www.isaca.org/cismcpepolicy) states''':
| |
| − |
| |
| − | One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.
| |
| − |
| |
| − | Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"
| |
| − |
| |
| − | '''Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC'''
| |
| − |
| |
| − | Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows:
| |
| − | Training Courses: September 22-23, 2008
| |
| − | • 16 CPE units for 2 days of training (Monday - Tuesday)
| |
| − | • 8 CPE units for 1 day of training (Monday or Tuesday Only)
| |
| − | Conferences: September 24-25, 2008
| |
| − | Earn 1 CPE per hour of conference attendance
| |
| − |
| |
| − | == [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008 ] ==
| |
| − |
| |
| − | All classes begin at 9AM and end at 5:30PM
| |
| − |
| |
| − | {| style="width:80%" border="0" align="center"
| |
| − | ! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
| |
| − | |-
| |
| − | | style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. [[:Category:OWASP_AppSec_Conference_Training#T1._Defensive_Programming_-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
| |
| − |
| |
| − | Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''
| |
| − | |-
| |
| − | {| style="width:80%" border="0" align="center"
| |
| − | ! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
| |
| − | |-
| |
| − | | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
| |
| − | # Java EE security overview,
| |
| − | # All coding examples and recommendations are specifically focused on Java and Java servers, and
| |
| − | # 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.
| |
| − |
| |
| − | [[:Category:OWASP_AppSec_Conference_Training#T2._Secure_Coding_for_Java_EE-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
| |
| − |
| |
| − | Instructor: Dave Wichers: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
| |
| − | '''
| |
| − | |-
| |
| − | ! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
| |
| − | |-
| |
| − | | style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training#T3._Web_Services_and_XML_Security_-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
| |
| − |
| |
| − | Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
| |
| − | |-
| |
| − | ! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
| |
| − | |-
| |
| − | | style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training#T4._Advanced_Web_Application_Security_Testing_-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
| |
| − |
| |
| − | Instructor: Eric Sheridan: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
| |
| − | |-
| |
| − | ! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
| |
| − | |-
| |
| − | | style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training#T5._Leading_the_Development_of_Secure_Applications_-_1-Day_Course_-_Sep_22.2C_2008 | Learn More Here]]
| |
| − | Instructor: John Pavone: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
| |
| − | |-
| |
| − | {| style="width:80%" border="0" align="center"
| |
| − | |-
| |
| − | ! align="center" style="background:#4058A0; color:white" | T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
| |
| − | |-
| |
| − | | style="background:#F2F2F2" | Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. [[:Category:OWASP_AppSec_Conference_Training#T6._Building_Secure_Rich_Internet_Applications_-_1-Day_Course_-_Sep_23.2C_2008 | Learn More Here]]
| |
| − | Instructor: Arshan Dabirsiaghi: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
| |
| − | |-
| |
| − | {| style="width:80%" border="0" align="center"
| |
| − |
| |
| − | ! align="center" style="background:#4058A0; color:white" | T8. Secure Coding for .NET - 2-Days - $1350
| |
| − | |-
| |
| − | | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of .NET focused content, including:
| |
| − | # .NET security overview,
| |
| − | # All coding examples and recommendations are specifically focused on C#.NET and/or VB.NET and IIS servers, and
| |
| − | # 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a .NET application developed for the class. Both C# and VB.NET versions of the hands on coding labs are available.
| |
| − |
| |
| − | [[:Category:OWASP_AppSec_Conference_Training#T8._Writing_Secure_Code_ASP.NET_-_Sep_22-23.2C_2008 | Learn More Here]]
| |
| − |
| |
| − | Instructor: Jerry Hoff: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
| |
| − | |}
| |
| − | <center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>
| |
| − |
| |
| − | <h2> HOTELS / TRAVEL </h2>
| |
| − | [http://www.parkcentralny.com Park Central Hotel] - # 800.346.1359 / 212.247.8000 ROOM BLOCK # 41258 $549.00 per night.
| |
| − | 870 Seventh Avenue at 56th Street, New York, NY 10019-4038
| |
| − |
| |
| − | [http://maps.google.com/maps?near=7th+Ave+%26+W+56th+St,+New+York,+NY&geocode=&q=hotels&f=l&sll=40.766339,-73.980539&sspn=0.007654,0.02223&ie=UTF8&ll=40.764681,-73.980668&spn=0.007655,0.02223&z=16 Hotels close to the venue]
| |
| − |
| |
| − | What is around APPSEC2008 - [http://www.parkcentralny.com/attractions/attractions.cfm Area Attractions]
| |
| − |
| |
| − | New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html
| |
| − |
| |
| − | New York City Subway & walking directions: http://www.hopstop.com/?city=newyork
| |
| − |
| |
| − | New York Sights & Sounds - SightsSounds
| |
| − |
| |
| − | New York City Travel Guide - http://www.nytoday.com/
| |
| − |
| |
| − | New York City Attractions - http://www.nycvisit.com
| |
| − |
| |
| − | New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/
| |
| − |
| |
| − | New York City local news: http://www.ny1news.com
| |
| − |
| |
| − | <h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.
| |
| − |
| |
| − | <b>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]</b>
| |
Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.
Below please find the videos from the OWASP APPSEC 2008, NYC event that took place on Sept 24th and 25th of 2008 scroll down and click on the video or the slides depending on what you want.
Day 1 – Sept 24th, 2008
|
| |
Track 1: BALLROOM
|
Track 2: SKYLINE
|
Track 3: TIMESQUARE
|
| 07:30-08:50 |
Doors Open for Attendee/Speaker Registration
avoid lines come early get your caffeine fix and use free wifi
|
| 09:00-09:45 |
OWASP Version 3.0 who we are, how we got here and where we are going?
OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder, Paulo Coimbra, Kate Hartmann, Alison Shrader & all local chapter leaders
|
| 10:00-10:45 |
Analysis of the Web Hacking Incidents Database (WHID)
Ofer Shezaf
|
Web Application Security Road Map
Joe White
|
DHS Software Assurance Initiatives
Stan Wisseman & Joe Jarzombek
|
| 11:00-11:45 |
Http Bot Research
Andre M. DiMino - ShadowServer Foundation
|
OWASP "Google Hacking" Project
Christian Heinrich
|
MalSpam Research
Garth Bruen
|
| 12:00-13:00 |
Capture the Flag Sign-Up
LUNCH - Provided by event sponsors @ TechExpo
|
| 12:00-12:45 |
Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
Trey Ford, Tom Brennan, Jeremiah Grossman
|
Framework-level Threat Analysis: Adding Science to the Art of Source-code review
Rohit Sethi & Sahba Kazerooni
|
Automated Web-based Malware Behavioral Analysis
Tyler Hudak
|
| 13:00-13:45 |
New 0-Day Browser Exploits: Clickjacking - yea, this is bad...
Jeremiah Grossman & Robert "RSnake" Hansen
|
WAF ModSecurity
Ivan Ristic
|
Using Layer 8 and OWASP to Secure Web Applications
David Stern & Roman Garber
|
| 14:00-14:45 |
Industry Outlook Panel: Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik SVP, RBS,Jennifer Bayuk Infosec Consultant & Philip Venables CISO, Goldman Sachs, Carlos Recalde SVP, Lehman Brothers, Tom King CISO, Barclays Capital,
Mahi Dontamsetti Moderator
|
Security Assessing Java RMI
Adam Boulton
|
JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
Yiannis Pavlosoglou
|
| 15:00-15:45 |
OWASP Testing Guide - Offensive Assessing Financial Applications
Daniel Cuthbert
|
Flash Parameter Injection (FPI)
Ayal Yogev & Adi Sharabani
|
w3af - A Framework to own the web
Andres Riancho
|
| 16:00-16:45 |
OWASP Enterprise Security API (ESAPI) Project
Jeff Williams
|
Cross-Site Scripting Filter Evasion
Alexios Fakos
|
Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
Vijay Akasapu & Marshall Heilman
|
| 17:00-17:45 |
Threading the Needle:
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
Arian Evans
|
Mastering PCI Section 6.6
Taylor McKinley and Jacob West
|
Multidisciplinary Bank Attacks
Gunter Ollmann
|
| 18:00-18:45 |
OWASP Live CD
Joshua Perrymon
|
Coding Secure w/PHP
Hans Zaunere
|
Payment Card Data Security and the new Enterprise Java
Dr. B. V. Kumar & Mr. Abhay Bhargav
|
| 19:00-20:00 |
OWASP Chapter Leader / Project Leader working session OWSAP Board/Chapter Leaders
|
(ISC)2 Cocktail Hour all welcome to attend for special announcement
presented by: W. Hord Tipton, Executive Director of (ISC)2
|
Technology Movie Night Sneakers, WarGames, HackersArePeopleToo, TigerTeam from 19:00 - 23:00
|
| 20:00-23:00+ |
OWASP Event Party/Reception
Event badge required for admission
Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.
Location: HOTEL BALLROOM</b>
|
Day 2 – Sept 25th, 2008
|
| 08:00-10:00 |
BREAKFAST - Provided by event sponsors @ TechExpo
|
| 08:00-08:45 |
Software Development: The Last Security Frontier
W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior
Executive Director and member of the Board of Directors, (ISC)²
|
Best Practices Guide: Web Application Firewalls
Alexander Meisel
|
The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
Thomas Ryan
|
| 09:00-09:45 |
OWASP Web Services Top Ten
Gunnar Peterson
|
Tiger Team - APPSEC Projects
Chris Nickerson
|
OpenSource Tools Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ
|
| 10:00-10:45 |
Building a tool for Security consultants: A story of a customized source code scanner
Dinis Cruz
|
"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment
Lee Kushner
|
Industry Analyst with Forrester Research
Chenxi Wang
|
| 11:00-11:45 |
CLASP (Comprehensive, Lightweight Application Security Process)
Pravir Chandra
|
Security in Agile Development
Dave Wichers
|
Secure Software Impact
Jack Danahy
|
| 12:00-12:45 |
Next Generation Cross Site Scripting Worms
Arshan Dabirsiaghi
|
Security of Software-as-a-Service (SaaS)
James Landis
|
Open Reverse Benchmarking Project
Marce Luck & Tom Stracener
|
| 12:00-13:00 |
Capture the Flag Status
LUNCH - Provided @ TechExpo
|
| 13:00-13:45 |
NIST SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun
|
Lotus Notes/Domino Web Application Security
Jian Hui Wang
|
Shootout @ Blackbox Corral
Larry Suto
|
| 14:00-14:45 |
Practical Advanced Threat Modeling
John Steven
|
The Owasp Orizon Project: towards version 1.0
Paolo Perego
|
Building Usable Security
Zed Abbadi
|
| 15:00-15:45 |
Off-shoring Application Development? Security is Still Your Problem
Rohyt Belani
|
OWASP EU Summit Portugal
Dinis Cruz
|
Code Secrets
Johan Peeters
|
| 16:00-16:45 |
Vulnerabilities in application interpreters and runtimes
Erik Cabetas
|
Detecting User Disposition - Polar Bears in a Whiteout Robert "RSnake" Hansen
|
Corruption Dave Aitel
|
| 17:00-17:45 |
Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles
|
| 18:30-19:30 |
OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!
|
