This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP NYC AppSec 2008 Conference"
From OWASP
| Line 23: | Line 23: | ||
''avoid lines come early get your caffeine fix and use free wifi'' | ''avoid lines come early get your caffeine fix and use free wifi'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, how we got here and where we are going?<br> | + | | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | '''OWASP Version 3.0 who we are, how we got here and where we are going?'''<br> |
| − | + | <br> | |
| − | <br | + | ''OWASP Foundation: [[Contact | Jeff Williams]], [[Contact | Dinis Cruz]], [[Contact | Dave Wichers]], [[Contact | Tom Brennan]], [[Contact | Sebastien Deleersnyder]]'' <br> |
| − | ''OWASP Foundation: [[Contact | Jeff Williams]], [[Contact | Dinis Cruz]], [[Contact | Dave Wichers]], [[Contact | Tom Brennan]], [[Contact | Sebastien Deleersnyder]]'' | + | [http://www.owasp.org/images/b/b7/AppSecNYC08-Delivering_AppSec_Info.ppt Dave Wichers's SLIDES] |
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="center" | '''[[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 | Analysis of the Web Hacking Incidents Database (WHID)]]''' <br> |
| − | ''[http://blog.shezaf.com Ofer Shezaf]'' | + | ''[http://blog.shezaf.com Ofer Shezaf]''<br> |
| − | | style="width:30%; background:#BCA57A" align=" | + | [http://video.google.com/videoplay?docid=-5720864613313370961 VIDEO] / SLIDES |
| − | ''[http://joesecurity.blogspot.com Joe White]'' | + | | style="width:30%; background:#BCA57A" align="center" | |
| − | | style="width:30%; background:#99FF99" align=" | + | '''[http://www.webappsecroadmap.com Web Application Security Road Map]'''<br> |
| − | ''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]'' | + | ''[http://joesecurity.blogspot.com Joe White]''<br> |
| + | [http://video.google.com/videoplay?docid=-1779454916843226992 VIDEO] / [https://sites.google.com/a/webappsecroadmap.com/main/announcements/owasp-appsec-2008-presentation-has-been-uploaded SLIDES] | ||
| + | | style="width:30%; background:#99FF99" align="center" | | ||
| + | '''[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]'''<br> | ||
| + | ''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''<br> | ||
| + | [http://video.google.com/videoplay?docid=1622760378697749199 VIDEO] / SLIDES | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="center" | |
| − | ''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]'' | + | '''Http Bot Research'''<br> |
| − | | style="width:30%; background:#BCA57A" align=" | + | ''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''<br> |
| − | ''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]'' | + | [http://video.google.com/videoplay?docid=2497951893063269839 VIDEO] / SLIDES |
| − | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
| − | '' [http://www.knujon.com/bios.html Garth Bruen]'' | + | '''OWASP "Google Hacking" Project'''<br> |
| + | ''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''<br> | ||
| + | [http://video.google.com/videoplay?docid=-52323203011607769 VIDEO] / SLIDES | ||
| + | | style="width:30%; background:#99FF99" align="center" | | ||
| + | '''MalSpam Research'''<br> | ||
| + | '' [http://www.knujon.com/bios.html Garth Bruen]''<br> | ||
| + | [http://video.google.com/videoplay?docid=-5258350405868786488 VIDEO] / SLIDES | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Sign-Up | | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Sign-Up | ||
''LUNCH - Provided by event sponsors @ TechExpo'' | ''LUNCH - Provided by event sponsors @ TechExpo'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="center" | |
| − | ''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]'' | + | '''Get Rich or Die Trying - Making Money on The Web, The Black Hat Way'''<br> |
| − | | style="width:30%; background:#BCA57A" align=" | + | ''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]''<br> |
| − | ''[[OWASP_NYC_AppSec_2008_Conference-rohit-sethi | Rohit Sethi]] & [[OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni | Sahba Kazerooni]]'' | + | [http://video.google.com/videoplay?docid=-5017192788997757423 VIDEO] / SLIDES |
| − | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
| − | ''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]'' | + | '''Framework-level Threat Analysis: Adding Science to the Art of Source-code review'''<br> |
| + | ''[[OWASP_NYC_AppSec_2008_Conference-rohit-sethi | Rohit Sethi]] & [[OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni | Sahba Kazerooni]]''<br> | ||
| + | [http://video.google.com/videoplay?docid=-5173141565449551205 VIDEO] / SLIDES | ||
| + | | style="width:30%; background:#99FF99" align="center" | | ||
| + | '''Automated Web-based Malware Behavioral Analysis'''<br> | ||
| + | ''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''<br> | ||
| + | [http://video.google.com/videoplay?docid=1242822225444892511 VIDEO] / SLIDES | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align=" | + | | style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="center" | |
| − | ''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]'' | + | '''[http://blogs.adobe.com/psirt/2008/09/thanks_to_jeremiah_grossman_an.html New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]'''<br> |
| − | | style="width:30%; background:#BCA57A" align=" | + | ''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''<br> |
| − | ''[http://www.breach.com/company/executive-team/ Ivan Ristic]'' | + | [http://video.google.com/videoplay?docid=-1023253423246814538 VIDEO] / SLIDES |
| − | | style="width:30%; background:#99FF99" align=" | + | | style="width:30%; background:#BCA57A" align="center" | |
| − | ''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]'' | + | '''Web Intrusion Detection with ModSecurity'''<br> |
| + | ''[http://www.breach.com/company/executive-team/ Ivan Ristic]''<br> | ||
| + | VIDEO / [[Media:OWASP_NYC_2008-Web_Intrusion_Detection_with_ModSecurity.pdf|SLIDES]] | ||
| + | | style="width:30%; background:#99FF99" align="center" | | ||
| + | '''Using Layer 8 and OWASP to Secure Web Applications'''<br> | ||
| + | ''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''<br> | ||
| + | [http://video.google.com/videoplay?docid=5266888637212683476 VIDEO] / SLIDES | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, [http://www.linkedin.com/pub/5/658/872 Tom King] CISO, Barclays Capital, <br> [http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti] Moderator'' | | style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, [http://www.linkedin.com/pub/5/658/872 Tom King] CISO, Barclays Capital, <br> [http://www.linkedin.com/in/mahidontamsetti Mahi Dontamsetti] Moderator'' | ||
Revision as of 16:38, 15 October 2008
2008 OWASP USA, NYC
Last Update: 10/15/2008
Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. OWASP is like "public radio" so support our efforts join today as a corporate or individual member learn more CLICK HERE
CLICK HERE FOR VIDEOS - CLICK HERE FOR PHOTOS
2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th VIDEOS
Day 1 – Sept 24th, 2008 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| Track 1: BALLROOM | Track 2: SKYLINE | Track 3: TIMESQUARE | |||||||
| 07:30-08:50 | Doors Open for Attendee/Speaker Registration
avoid lines come early get your caffeine fix and use free wifi | ||||||||
| 09:00-09:45 | OWASP Version 3.0 who we are, how we got here and where we are going?
| ||||||||
| 10:00-10:45 | Analysis of the Web Hacking Incidents Database (WHID) Ofer Shezaf |
DHS Software Assurance Initiatives | |||||||
| 11:00-11:45 |
Http Bot Research |
OWASP "Google Hacking" Project |
MalSpam Research | ||||||
| 12:00-13:00 | Capture the Flag Sign-Up
LUNCH - Provided by event sponsors @ TechExpo | ||||||||
| 12:00-12:45 |
Get Rich or Die Trying - Making Money on The Web, The Black Hat Way |
Framework-level Threat Analysis: Adding Science to the Art of Source-code review |
Automated Web-based Malware Behavioral Analysis | ||||||
| 13:00-13:45 |
New 0-Day Browser Exploits: Clickjacking - yea, this is bad... |
Web Intrusion Detection with ModSecurity |
Using Layer 8 and OWASP to Secure Web Applications | ||||||
| 14:00-14:45 | Industry Outlook Panel: Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik SVP, RBS,Jennifer Bayuk Infosec Consultant & Philip Venables CISO, Goldman Sachs, Carlos Recalde SVP, Lehman Brothers, Tom King CISO, Barclays Capital, Mahi Dontamsetti Moderator |
Security Assessing Java RMI | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web | ||||||
| 15:00-15:45 | OWASP Testing Guide - Offensive Assessing Financial Applications | Flash Parameter Injection (FPI)
Ayal Yogev & Adi Sharabani |
w3af - A Framework to own the web
Andres Riancho | ||||||
| 16:00-16:45 | OWASP Enterprise Security API (ESAPI) Project | Cross-Site Scripting Filter Evasion
Alexios Fakos |
Case Studies: Exploiting application testing tool deficiencies via "out of band" injection | ||||||
| 17:00-17:45 | Threading the Needle:
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks Arian Evans |
Mastering PCI Section 6.6 | Multidisciplinary Bank Attacks
Gunter Ollmann | ||||||
| 18:00-18:45 | OWASP Live CD | Coding Secure w/PHP | Payment Card Data Security and the new Enterprise Java | ||||||
| 19:00-20:00 | OWASP Chapter Leader / Project Leader working session OWSAP Board/Chapter Leaders | (ISC)2 Cocktail Hour all welcome to attend for special announcement presented by: W. Hord Tipton, Executive Director of (ISC)2 |
Technology Movie Night Sneakers, WarGames, HackersArePeopleToo, TigerTeam from 19:00 - 23:00 | ||||||
| 20:00-23:00+ | OWASP Event Party/Reception Event badge required for admission Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes. Location: HOTEL BALLROOM
| ||||||||
Day 2 – Sept 25th, 2008 | |||||||||
| 08:00-10:00 | BREAKFAST - Provided by event sponsors @ TechExpo | ||||||||
| 08:00-08:45 | Software Development: The Last Security Frontier
W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)² |
Best Practices Guide: Web Application Firewalls
Alexander Meisel |
The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis | ||||||
| 09:00-09:45 | OWASP Web Services Top Ten | Tiger Team - APPSEC Projects | OpenSource Tools Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ | ||||||
| 10:00-10:45 | Building a tool for Security consultants: A story of a customized source code scanner
Dinis Cruz |
"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment | Industry Analyst with Forrester Research | ||||||
| 11:00-11:45 |
Pravir Chandra |
Security in Agile Development | Secure Software Impact | ||||||
| 12:00-12:45 | Next Generation Cross Site Scripting Worms | Security of Software-as-a-Service (SaaS) | Open Reverse Benchmarking Project
Marce Luck & Tom Stracener | ||||||
| 12:00-13:00 | Capture the Flag Status
LUNCH - Provided @ TechExpo | ||||||||
| 13:00-13:45 | NIST SAMATE Static Analysis Tool Exposition (SATE) | Lotus Notes/Domino Web Application Security | Shootout @ Blackbox Corral
Larry Suto | ||||||
| 14:00-14:45 | Practical Advanced Threat Modeling
John Steven |
The OWASP Orizon Project: towards version 1.0 Paolo Perego | Building Usable Security | ||||||
| 15:00-15:45 | Off-shoring Application Development? Security is Still Your Problem
Rohyt Belani |
OWASP EU Summit Portugal
Dinis Cruz |
Code Secrets | ||||||
| 16:00-16:45 | Vulnerabilities in application interpreters and runtimes
Erik Cabetas |
Detecting User Disposition - Polar Bears in a Whiteout Robert "RSnake" Hansen | Corruption Dave Aitel | ||||||
| 17:00-17:45 | Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles | ||||||||
| 18:30-19:30 | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better! | ||||||||
