Revision as of 21:31, 2 October 2008

2008 OWASP USA, NYC

Last Update: 10/2/2008

Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. OWASP is like "public radio" so support our efforts join today as a corporate or individual member learn more CLICK HERE

Note as of Oct 2nd, we are adding the videos as the become avail., and expect them to be all online in the next few days...

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th VIDEOS

Day 1 – Sept 24th, 2008
	Track 1: BALLROOM	Track 2: SKYLINE	Track 3: TIMESQUARE
07:30-08:50	Doors Open for Attendee/Speaker Registration avoid lines come early get your caffeine fix and use free wifi
09:00-09:45	OWASP Version 3.0 who we are, how we got here and where we are going? - VIDEO / Dave Wichers's SLIDES OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder &
10:00-10:45	[[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 } Analysis of the Web Hacking Incidents Database (WHID)]] VIDEO / SLIDES Ofer Shezaf	Web Application Security Road Map VIDEO / SLIDES Joe White	DHS Software Assurance Initiatives - VIDEO / SLIDES Stan Wisseman & Joe Jarzombek
11:00-11:45	Http Bot Research - VIDEO / SLIDES Andre M. DiMino - ShadowServer Foundation	OWASP "Google Hacking" Project - VIDEO / SLIDES Christian Heinrich	MalSpam Research - VIDEO / SLIDES Garth Bruen
12:00-13:00	Capture the Flag Sign-Up LUNCH - Provided by event sponsors @ TechExpo
12:00-12:45	Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - VIDEO / SLIDES Trey Ford, Tom Brennan, Jeremiah Grossman	Framework-level Threat Analysis: Adding Science to the Art of Source-code review Rohit Sethi & Sahba Kazerooni	Automated Web-based Malware Behavioral Analysis Tyler Hudak
13:00-13:45	New 0-Day Browser Exploits: Clickjacking - yea, this is bad... Jeremiah Grossman & Robert "RSnake" Hansen	WAF ModSecurity Ivan Ristic	Using Layer 8 and OWASP to Secure Web Applications David Stern & Roman Garber
14:00-14:45	Industry Outlook Panel: Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik SVP, RBS,Jennifer Bayuk Infosec Consultant & Philip Venables CISO, Goldman Sachs, Carlos Recalde SVP, Lehman Brothers, Tom King CISO, Barclays Capital, Mahi Dontamsetti Moderator	Security Assessing Java RMI Adam Boulton	JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web Yiannis Pavlosoglou
15:00-15:45	OWASP Testing Guide - Offensive Assessing Financial Applications Daniel Cuthbert	Flash Parameter Injection (FPI) Ayal Yogev & Adi Sharabani	w3af - A Framework to own the web Andres Riancho
16:00-16:45	OWASP Enterprise Security API (ESAPI) Project Jeff Williams	Cross-Site Scripting Filter Evasion Alexios Fakos	Case Studies: Exploiting application testing tool deficiencies via "out of band" injection Vijay Akasapu & Marshall Heilman
17:00-17:45	Threading the Needle: Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks Arian Evans	Mastering PCI Section 6.6 Taylor McKinley and Jacob West	Multidisciplinary Bank Attacks Gunter Ollmann
18:00-18:45	Joshua Perrymon	Coding Secure w/PHP Hans Zaunere	Payment Card Data Security and the new Enterprise Java Dr. B. V. Kumar & Mr. Abhay Bhargav
19:00-20:00	OWASP Chapter Leader / Project Leader working session OWSAP Board/Chapter Leaders	(ISC)2 Cocktail Hour all welcome to attend for special announcement presented by: W. Hord Tipton, Executive Director of (ISC)2	Technology Movie Night Sneakers, WarGames, HackersArePeopleToo, TigerTeam from 19:00 - 23:00
20:00-23:00+	OWASP Event Party/Reception Event badge required for admission Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes. Location: HOTEL BALLROOM</b>
Day 2 – Sept 25th, 2008
08:00-10:00	BREAKFAST - Provided by event sponsors @ TechExpo
08:00-08:45	Software Development: The Last Security Frontier W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²	Best Practices Guide: Web Application Firewalls Alexander Meisel	The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis Thomas Ryan
09:00-09:45	OWASP Web Services Top Ten Gunnar Peterson	Tiger Team - APPSEC Projects Chris Nickerson	OpenSource Tools Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ
10:00-10:45	Building a tool for Security consultants: A story of a customized source code scanner Dinis Cruz	"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment Lee Kushner	Industry Analyst with Forrester Research Chenxi Wang
11:00-11:45	Pravir Chandra	Security in Agile Development Dave Wichers ppt	Secure Software Impact Jack Danahy
12:00-12:45	Next Generation Cross Site Scripting Worms Arshan Dabirsiaghi	Security of Software-as-a-Service (SaaS) James Landis	Open Reverse Benchmarking Project Marce Luck & Tom Stracener
12:00-13:00	Capture the Flag Status LUNCH - Provided @ TechExpo
13:00-13:45	NIST SAMATE Static Analysis Tool Exposition (SATE) Vadim Okun	Lotus Notes/Domino Web Application Security Jian Hui Wang	Shootout @ Blackbox Corral Larry Suto
14:00-14:45	Practical Advanced Threat Modeling John Steven	Paolo Perego	Building Usable Security Zed Abbadi
15:00-15:45	Off-shoring Application Development? Security is Still Your Problem Rohyt Belani	OWASP EU Summit Portugal Dinis Cruz	Code Secrets Johan Peeters
16:00-16:45	Vulnerabilities in application interpreters and runtimes Erik Cabetas	Detecting User Disposition - Polar Bears in a Whiteout Robert "RSnake" Hansen	Corruption Dave Aitel
17:00-17:45	Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles
18:30-19:30	OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!

@@ Line 21: / Line 21: @@
 |-
   | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, how we got here and where we are going? - <b>[http://video.google.com/videoplay?docid=2333070846287409588&hl=en VIDEO] / [http://www.owasp.org/images/b/b7/AppSecNYC08-Delivering_AppSec_Info.ppt Dave Wichers's SLIDES]</b>
-''OWASP Foundation: [http://www.owasp.org/index.php/Contact Jeff Williams], [http://www.owasp.org/index.php/Contact Dinis Cruz], [http://www.owasp.org/index.php/Contact Dave Wichers], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.owasp.org/index.php/Contact Sebastien Deleersnyder], [http://www.owasp.org/index.php/Contact Paulo Coimbra], [http://www.owasp.org/index.php/Contact Kate Hartmann], [http://www.owasp.org/index.php/Contact Alison Shrader] & [http://www.owasp.org/index.php/Category:OWASP_Chapter#Chapter_Support_Materials all local chapter leaders]
+''OWASP Foundation: [[Contact | Jeff Williams]], [[Contact | Dinis Cruz]], [[Contact | Dave Wichers]], [[Contact | Tom Brennan]], [[Contact | Sebastien Deleersnyder]] & [[Category:OWASP_Chapter#Chapter_Support_Materials | all local chapter leaders]]
 ''
 |-
-| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" |  [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)] VIDEO / SLIDES
+| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" |  [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 } Analysis of the Web Hacking Incidents Database (WHID)]] VIDEO / SLIDES
 ''[http://blog.shezaf.com Ofer Shezaf]''
   | style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map] VIDEO / SLIDES <br>
@@ Line 38: / Line 38: @@
 '' [http://www.knujon.com/bios.html Garth Bruen]''
 |-
-  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" |  [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
+  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Sign-Up
 ''LUNCH - Provided by event sponsors @ TechExpo''
 |-
@@ Line 44: / Line 44: @@
 ''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]''
   | style="width:30%; background:#BCA57A" align="left" | Framework-level Threat Analysis: Adding Science to the Art of Source-code review
-''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-rohit-sethi Rohit Sethi] & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni Sahba Kazerooni]''
+''[[OWASP_NYC_AppSec_2008_Conference-rohit-sethi | Rohit Sethi]] & [[OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni | Sahba Kazerooni]]''
 | style="width:30%; background:#99FF99" align="left" | Automated Web-based Malware Behavioral Analysis
 ''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
@@ Line 54: / Line 54: @@
 | style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications
 ''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''
 |-
 | style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, [http://www.linkedin.com/pub/5/658/872 Tom King] CISO, Barclays Capital, <br> [http://www.linkedin.com/in/mahidontamsetti   Mahi Dontamsetti] Moderator''
@@ Line 60: / Line 59: @@
 ''[http://www.linkedin.com/in/adamboulton Adam Boulton]''
 | style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
-''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
+''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou | Yiannis Pavlosoglou]]''
 |-
-| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |OWASP Testing Guide - Offensive Assessing Financial Applications
+| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | OWASP Testing Guide - Offensive Assessing Financial Applications
-'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
+'' [[OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert | Daniel Cuthbert]]''
   | style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
 ''Ayal Yogev & Adi Sharabani''
-| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af - A Framework to own the web]
+| style="width:30%; background:#99FF99" align="left" |[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho | w3af - A Framework to own the web]]
 ''Andres Riancho''
 |-
-| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
+| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [[ESAPI | (ESAPI) Project]]
 '' [http://www.aspectsecurity.com/management.htm Jeff Williams]''
   | style="width:30%; background:#BCA57A" align="left" | Cross-Site Scripting Filter Evasion
@@ Line 81: / Line 80: @@
   | style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
 ''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''
-| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
+| style="width:30%; background:#99FF99" align="left" | [[OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann | Multidisciplinary Bank Attacks]]
 ''Gunter Ollmann''
 |-
-| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
+| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [[Category:OWASP_Live_CD_Project | OWASP Live CD]]
 '' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
   | style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
 ''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
-| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
+| style="width:30%; background:#99FF99" align="left" | [[Payment_Card_Data_Security_and_the_new_Enterprise_Java | Payment Card Data Security and the new Enterprise Java]]
-''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar Dr. B. V. Kumar] & [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav Mr. Abhay Bhargav]''
+''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar | Dr. B. V. Kumar]] & [[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav | Mr. Abhay Bhargav]]''
 |-
 | style="width:10%; background:#7B8ABD" | 19:00-20:00 || style="width:30%; background:#BC857A" align="left" | OWASP Chapter Leader / Project Leader working session ''OWSAP Board/Chapter Leaders''
@@ Line 96: / Line 95: @@
 |-
-  | style="width:10%; background:#7B8ABD" | 20:00-23:00+ || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Event Party/Reception <br>Event badge required for admission <br>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.] <br>''Location: HOTEL BALLROOM''</b>
+  | style="width:10%; background:#7B8ABD" | 20:00-23:00+ || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Event Party/Reception <br>Event badge required for admission <br>[[OWASP_NYC_AppSec_2008_Conference/ctf | Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.]] <br>''Location: HOTEL BALLROOM''</b>
 <br>
 |-

Difference between revisions of "OWASP NYC AppSec 2008 Conference"

Revision as of 21:31, 2 October 2008

2008 OWASP USA, NYC

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th VIDEOS

Day 1 – Sept 24th, 2008

Day 2 – Sept 25th, 2008

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools