This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP NYC AppSec 2008 Conference"

From OWASP
Jump to: navigation, search
Line 200: Line 200:
 
'''[http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html Tiger Team - APPSEC Projects]'''<br>
 
'''[http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html Tiger Team - APPSEC Projects]'''<br>
 
''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''<br>
 
''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''<br>
[http://video.google.com/videoplay?docid=-1638710543904774703&hl=en VIDEO] / SLIDES]
+
[http://video.google.com/videoplay?docid=-1638710543904774703&hl=en VIDEO] / SLIDES
 
| style="width:30%; background:#99FF99" align="center" |  
 
| style="width:30%; background:#99FF99" align="center" |  
 
'''OpenSource Tools'''<br>
 
'''OpenSource Tools'''<br>
Line 283: Line 283:
 
[http://video.google.com/videoplay?docid=-7044581008789784268&hl=en VIDEO] / SLIDES
 
[http://video.google.com/videoplay?docid=-7044581008789784268&hl=en VIDEO] / SLIDES
 
| style="width:30%; background:#99FF99" align="center" |  
 
| style="width:30%; background:#99FF99" align="center" |  
'''Code Secrets'''<br>
+
'''A Security Architecture Case Study'''<br>
 
''[http://johanpeeters.com Johan Peeters]''<br>
 
''[http://johanpeeters.com Johan Peeters]''<br>
 
[http://video.google.com/videoplay?docid=-4553372140069628300&hl=en VIDEO] / SLIDES
 
[http://video.google.com/videoplay?docid=-4553372140069628300&hl=en VIDEO] / SLIDES
Line 308: Line 308:
 
If you could not find it above... check [http://video.google.com/videosearch?q=owasp.tv&emb=0&aq=f# HERE FOR VIDEOS]
 
If you could not find it above... check [http://video.google.com/videosearch?q=owasp.tv&emb=0&aq=f# HERE FOR VIDEOS]
 
<br>
 
<br>
Video content produced, processed and posted by [www.MediaArchives.com www.MediaArchives.com]
+
Video content produced, processed and posted by [http://www.MediaArchives.com www.MediaArchives.com]

Revision as of 23:04, 17 October 2008

2008 OWASP USA, NYC

Last Update: 10/17/2008



Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. OWASP is like "public radio" so support our efforts join today as a corporate or individual member learn more CLICK HERE



SEE BELOW FOR VIDEO AND SLIDES - CLICK HERE FOR PHOTOS

Join the OWASP Linked'In Group

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th VIDEOS

Day 1 – Sept 24th, 2008

Track 1: BALLROOM Track 2: SKYLINE Track 3: TIMESQUARE
07:30-08:50 Doors Open for Attendee/Speaker Registration

avoid lines come early get your caffeine fix and use free wifi

09:00-09:45 OWASP Version 3.0 who we are, how we got here and where we are going?


OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder
VIDEO / Dave Wichers's SLIDES

10:00-10:45 Analysis of the Web Hacking Incidents Database (WHID)

Ofer Shezaf
VIDEO / SLIDES

Web Application Security Road Map
Joe White
VIDEO / SLIDES

DHS Software Assurance Initiatives
Stan Wisseman & Joe Jarzombek
VIDEO / SLIDES

11:00-11:45

Http Bot Research
Andre M. DiMino - ShadowServer Foundation
VIDEO / SLIDES

OWASP "Google Hacking" Project
Christian Heinrich
VIDEO / SLIDES

MalSpam Research
Garth Bruen
VIDEO / SLIDES

12:00-13:00 Capture the Flag Sign-Up

LUNCH - Provided by event sponsors @ TechExpo

12:00-12:45

Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
Trey Ford, Tom Brennan, Jeremiah Grossman
VIDEO / SLIDES

Framework-level Threat Analysis: Adding Science to the Art of Source-code review
Rohit Sethi & Sahba Kazerooni
VIDEO / SLIDES

Automated Web-based Malware Behavioral Analysis
Tyler Hudak
VIDEO / SLIDES

13:00-13:45

New 0-Day Browser Exploits: Clickjacking - yea, this is bad...
Jeremiah Grossman & Robert "RSnake" Hansen
VIDEO / SLIDES

Web Intrusion Detection with ModSecurity
Ivan Ristic
VIDEO / SLIDES

Using Layer 8 and OWASP to Secure Web Applications
David Stern & Roman Garber
VIDEO / SLIDES

14:00-14:45 Industry Outlook Panel:

Mark Clancy EVP CitiGroup,
Jim Routh CISO DTCC,
Sunil Seshadri CISO NYSE-Euronet,
Warren Axelrod SVP Bank of America,
Joe Bernik SVP, RBS,
Jennifer Bayuk Infosec Consultant,
Philip Venables CISO, Goldman Sachs,
Carlos Recalde SVP, Lehman Brothers,
Tom King CISO, Barclays Capital
Moderator: Mahi Dontamsetti
VIDEO / SLIDES

Security Assessing Java RMI
Adam Boulton
VIDEO / SLIDES

JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
Yiannis Pavlosoglou
VIDEO / SLIDES

15:00-15:45

OWASP Testing Guide - Offensive Assessing Financial Applications
Daniel Cuthbert
VIDEO / SLIDES

Flash Parameter Injection (FPI)
Ayal Yogev & Adi Sharabani
VIDEO / SLIDES

w3af - A Framework to own the web
Andres Riancho
VIDEO / VIDEO

16:00-16:45

OWASP Enterprise Security API (ESAPI) Project
Jeff Williams
VIDEO / SLIDES

Cross-Site Scripting Filter Evasion
Alexios Fakos
VIDEO / SLIDES

Multidisciplinary Bank Attacks
Gunter Ollmann
VIDEO / SLIDES

17:00-17:45

Open Discussion On Application Security
Joe Bernik & Steve Anton
VIDEO / SLIDES

Mastering PCI Section 6.6
Taylor McKinley and Jacob West
VIDEO / SLIDES

Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
Vijay Akasapu & Marshall Heilman
VIDEO / SLIDES

18:00-18:45

Spearfishing and the OWASP Live CD Project
Joshua Perrymon
VIDEO / SLIDES

Coding Secure w/PHP
Hans Zaunere
VIDEO / SLIDES

Payment Card Data Security and the new Enterprise Java
Dr. B. V. Kumar & Mr. Abhay Bhargav
VIDEO / SLIDES

19:00-20:00

OWASP Chapter Leader / Project Leader working session
OWSAP Board/Chapter Leaders

(ISC)2 Cocktail Hour
All welcome to attend for a special announcement presented by:
W. Hord Tipton, Executive Director of (ISC)2

Technology Movie Night
Sneakers, WarGames, HackersArePeopleToo, TigerTeam
from 19:00 - 23:00

20:00-23:00+ OWASP Event Party/Reception
Event badge required for admission
Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.
Location: HOTEL BALLROOM


Day 2 – Sept 25th, 2008

08:00-10:00 BREAKFAST - Provided by event sponsors @ TechExpo
08:00-08:45

Software Development: The Last Security Frontier
W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²
VIDEO / SLIDES

Best Practices Guide: Web Application Firewalls
Alexander Meisel
VIDEO / SLIDES

The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
Thomas Ryan
VIDEO / SLIDES

09:00-09:45

OWASP Web Services Top Ten
Gunnar Peterson
VIDEO / SLIDES

Tiger Team - APPSEC Projects
Chris Nickerson
VIDEO / SLIDES

OpenSource Tools
Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ
VIDEO / SLIDES

10:00-10:45

Building a tool for Security consultants: A story of a customized source code scanner
Dinis Cruz
VIDEO / SLIDES

"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment
Lee Kushner
VIDEO / SLIDES

Industry Analyst with Forrester Research
Chenxi Wang
VIDEO / SLIDES

11:00-11:45

CLASP (Comprehensive, Lightweight Application Security Process)
Pravir Chandra
VIDEO / SLIDES

Security in Agile Development
Dave Wichers
VIDEO / SLIDES

Secure Software Impact
Jack Danahy
VIDEO / SLIDES

12:00-12:45

Next Generation Cross Site Scripting Worms
Arshan Dabirsiaghi
VIDEO / SLIDES

Security of Software-as-a-Service (SaaS)
James Landis
VIDEO / SLIDES

Open Reverse Benchmarking Project
Marce Luck & Tom Stracener
VIDEO / SLIDES

12:00-13:00 Capture the Flag Status

LUNCH - Provided @ TechExpo

13:00-13:45

NIST SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun
VIDEO / SLIDES

Lotus Notes/Domino Web Application Security
Jian Hui Wang
VIDEO / SLIDES

Shootout @ Blackbox Corral
Larry Suto
VIDEO / SLIDES

14:00-14:45

Practical Advanced Threat Modeling
John Steven
VIDEO / SLIDES

The OWASP Orizon Project: towards version 1.0
Paolo Perego
VIDEO / SLIDES

Building Usable Security
Zed Abbadi
VIDEO / SLIDES

15:00-15:45

Off-shoring Application Development? Security is Still Your Problem
Rohyt Belani
VIDEO / SLIDES

OWASP EU Summit Portugal
Dinis Cruz
VIDEO / SLIDES

A Security Architecture Case Study
Johan Peeters
VIDEO / SLIDES

16:00-16:45

Vulnerabilities in application interpreters and runtimes
Erik Cabetas
VIDEO / SLIDES

Cryptography For Penetration Testers
Chris Eng
VIDEO / SLIDES

Memory Corruption and Buffer Overflows
Dave Aitel
VIDEO / SLIDES

17:00-17:45 Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles

VIDEO

18:30-19:30 OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!

If you could not find it above... check HERE FOR VIDEOS
Video content produced, processed and posted by www.MediaArchives.com