This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AppSec Washington 2005/Agenda"
From OWASP
(→OWASP DC 2005 Conference Schedule) |
(→OWASP DC 2005 Conference Schedule) |
||
Line 1: | Line 1: | ||
− | == OWASP | + | <table width="700" border="0" align="center"><tr bgcolor="#4058A0"><td colspan="3"><div align="center"><div align="center"><h1><font color="#FFFFFF"><br>Day 1 - October 11, 2005</font></h1></div></div></td></tr><tr bgcolor="#F2F2F2"><td width="10%" bgcolor="#7B8ABD"> </td><td width="40%" bgcolor="#BC857A"><div align="center">Track 1: Red Auditorium</div></td><td width="40%" bgcolor="#BCA57A"><div align="center">Track 2: Green Auditorium</div></td></tr><tr><td bgcolor="#7B8ABD"><div align="center">08:00 - 09:00 </div></td><td colspan="2" bgcolor="#c2c2c2">Registration and Coffee </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">09:00 - 09:10 </div></td><td colspan="2" bgcolor="#F2F2F2">Introduction: Dave Wichers, OWASP Conferences Chair & COO Aspect Security (<a href="http://www.aspectsecurity.com/owasp/OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4">video</a>) </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">09:10 - 10:00 </div></td><td colspan="2" bgcolor="#F2F2F2">Keynote: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Joe_Jarzombek-DHS_SwA_Program_Overview.ppt">ppt</a> / Video) </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">10:00 - 11:00 </div></td><td colspan="2" bgcolor="#F2F2F2">Ron Ross - FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Ron_Ross-FISMA.ppt">ppt</a> / video) </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">11:00 - 11:20 </div></td><td colspan="2" bgcolor="#c2c2c2">Break </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">11:20 - 12:30 </div></td><td bgcolor="#BC857A">Jack Danahy - CEO Ounce Labs - The Business Case for Software Security Assurance (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Jack_Danahy-Business_Case_for_Application_Security.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4">video</a>) </td><td bgcolor="#BCA57A">Arian Evans - FishNet Security - The OWASP Tools Survey Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Arian_Evans_Tools-Taxonomy.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_ArianEvans_Tools_SurveyProject.mp4">video</a>) </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">12:30 - 13:45 </div></td><td colspan="2" bgcolor="#c2c2c2">Lunch</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">13:45 - 15:00 </div></td><td bgcolor="#BC857A">Alex Stamos - iSEC Partners - Web Services Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Alex_Smolen-OWASP_WebServices_Project.ppt">ppt</a>) - Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Alex_Stamos-Attacking_Web_Services.ppt">ppt</a>) (video both) </td><td bgcolor="#BCA57A">Paul Black - NIST - The Software Assurance Metrics and Tool Evaluation (SAMATE) Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Paul_Black-SAMATE_Project.ppt">ppt</a>) <br> |
− | + | Michael Kass - NIST - A Taxonomy of Software Assurance Tools and the Security Bugs They Catch (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Mike_Kass-Tools_Taxonomy.ppt">ppt</a>) (video both) </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">15:00 - 15:20 </div></td><td colspan="2" bgcolor="#c2c2c2">Break</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">15:20 - 16:40</div></td><td bgcolor="#BC857A">Diniz Cruz - OWASP .NET Project Lead - Rooting the CLR (<a href="http://www.aspectsecurity.com/owasp/OWASP_DinizCruz_Rooting_the_CLR.mp4">video</a>) </td><td bgcolor="#BCA57A">Paul Black - NIST - Developing a Reference Dataset (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Paul_Black-Reference_Dataset.ppt">ppt</a>) <br> | |
− | + | Rick Kuhn - NIST - Software Fault Interactions (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Rick_Kuhn-Software_Fault_Interactions.ppt">ppt</a>) (<a href="http://www.aspectsecurity.com/owasp/OWASP_PaulBlack_RickKuhn.mp4">video both</a>) </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">16:40 - 17:00 </div></td><td colspan="2" bgcolor="#c2c2c2">Break </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">17:00 - 18:00 </div></td><td bgcolor="#BC857A">Alex Smolen - Parasoft - Application Logic Defense (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1AppSec2005DC-Alex_Smolen-Application_Logic-Attacks_Defense.ppt">ppt</a> / video) </td><td bgcolor="#BCA57A">Daniel Cuthbert - OWASP Testing Project Lead - The Evolution of Web Application Penetration Testing (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Dan_Cuthbert-Evolution_of_App_Pen_Testing.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4">video</a>) </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">18:00 - 19:00 </div></td><td colspan="2" bgcolor="#c2c2c2">Bus to Dinner Event at Holiday Inn</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">19:00 - 21:00 </div></td><td colspan="2" bgcolor="#c2c2c2">Dinner Event (Optional) at Holiday Inn</td></tr><tr bgcolor="#4058A0"><td colspan="3"><div align="center"><div align="center"><br><h1><font color="#FFFFFF">Day 2 - October 12, 2005</font></h1></div></div></td></tr><tr bgcolor="#F2F2F2"><td bgcolor="#7B8ABD"> </td><td bgcolor="#BC857A"><div align="center">Track 1: Red Auditorium</div></td><td bgcolor="#BCA57A"><div align="center">Track 2: Green Auditorium</div></td></tr><tr><td bgcolor="#7B8ABD"><div align="center">08:00 - 09:00 </div></td><td colspan="2" bgcolor="#c2c2c2">Coffee</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">09:00 - 09:50 </div></td><td colspan="2" bgcolor="#F2F2F2">Keynote Day 2: Ira Winkler - Secrets of Superspies (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Ira_Winkler-Secrets_of_Superspies.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_IraWinkler_Secrets_and_Superspies.mp4">video</a>)</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">09:50 - 10:50 </div></td><td colspan="2" bgcolor="#F2F2F2">Jeremy Poteet - AppDefense - In the Line of Fire: Defending Highly Visible Targets (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Jeremy_Poteet-In_the_Line_of_Fire.ppt">ppt</a> / video)</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">10:50 - 11:10 </div></td><td colspan="2" bgcolor="#c2c2c2">Break </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">11:10 - 12:30</div></td><td bgcolor="#BC857A">Jeff Williams - OWASP Chair & CEO Aspect Security - The OWASP Guide Project v2 (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Jeff_Williams-OWASP_AppSec_Guide_2.0.ppt">ppt</a>) and OWASP Membership Plan (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Jeff_Williams-OWASP_Membership.ppt">ppt</a>) (video both)</td><td bgcolor="#BCA57A">Danny Allan - Watchfire - Identity Theft, Pfishing, and Pharming: Accountability and Responsibilities (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.ppt">ppt</a>)</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">12:30 - 13:45 </div></td><td colspan="2" bgcolor="#c2c2c2">Lunch</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">13:45 - 15:00 </div></td><td bgcolor="#BC857A">Dinis Cruz - OWASP .NET Project Lead - OWASP .Net Tools Project</td><td bgcolor="#BCA57A">Matt Fisher - SPI Dynamics - Worms Now Targeting Web Applications (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Matt_Fisher-Google_Hacking_and_Worms.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/dcVideos/OWASP_MattFisher_WormsNowTargetingWebApps.mp4">video</a>)</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">15:00 - 15:20 </div></td><td colspan="2" bgcolor="#c2c2c2">Break</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">15:20 - 16:30 </div></td><td bgcolor="#BC857A">Tony Canike - The Vanguard Group - Establishing an Enterprise-Wide Application Security Program (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Anthony_Canike-Enterprise_AppSec_Program.ppt">ppt</a> / video)</td><td bgcolor="#BCA57A">Rogan Dawes - OWASP WebScarab Project Lead - Advanced Features of WebScarab (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Rogan_Dawes-WebScarab.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4">video</a>)</td></tr><tr><td bgcolor="#7B8ABD"><div align="center">16:30 - 16:50</div></td><td colspan="2" bgcolor="#c2c2c2">Break </td></tr><tr><td bgcolor="#7B8ABD"><div align="center">16:50 - 17:50 </div></td><td bgcolor="#BC857A">John Steven - Cigital - Building a Scalable Software Security Practice within your Organization </td><td bgcolor="#BCA57A">Gunnar Peterson - Arctec Group - Integrating Identity Services into Web Applications (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Gunnar_Peterson-Identity-Services-in-WebApps.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4">video</a>)</td></tr></table> | |
− | |||
− |
Revision as of 10:43, 30 May 2006
| ||
Track 1: Red Auditorium | Track 2: Green Auditorium | |
08:00 - 09:00 | Registration and Coffee | |
09:00 - 09:10 | Introduction: Dave Wichers, OWASP Conferences Chair & COO Aspect Security (<a href="http://www.aspectsecurity.com/owasp/OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4">video</a>) | |
09:10 - 10:00 | Keynote: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Joe_Jarzombek-DHS_SwA_Program_Overview.ppt">ppt</a> / Video) | |
10:00 - 11:00 | Ron Ross - FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Ron_Ross-FISMA.ppt">ppt</a> / video) | |
11:00 - 11:20 | Break | |
11:20 - 12:30 | Jack Danahy - CEO Ounce Labs - The Business Case for Software Security Assurance (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Jack_Danahy-Business_Case_for_Application_Security.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4">video</a>) | Arian Evans - FishNet Security - The OWASP Tools Survey Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Arian_Evans_Tools-Taxonomy.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_ArianEvans_Tools_SurveyProject.mp4">video</a>) |
12:30 - 13:45 | Lunch | |
13:45 - 15:00 | Alex Stamos - iSEC Partners - Web Services Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Alex_Smolen-OWASP_WebServices_Project.ppt">ppt</a>) - Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1/AppSec2005DC-Alex_Stamos-Attacking_Web_Services.ppt">ppt</a>) (video both) | Paul Black - NIST - The Software Assurance Metrics and Tool Evaluation (SAMATE) Project (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Paul_Black-SAMATE_Project.ppt">ppt</a>) Michael Kass - NIST - A Taxonomy of Software Assurance Tools and the Security Bugs They Catch (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Mike_Kass-Tools_Taxonomy.ppt">ppt</a>) (video both) |
15:00 - 15:20 | Break | |
15:20 - 16:40 | Diniz Cruz - OWASP .NET Project Lead - Rooting the CLR (<a href="http://www.aspectsecurity.com/owasp/OWASP_DinizCruz_Rooting_the_CLR.mp4">video</a>) | Paul Black - NIST - Developing a Reference Dataset (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Paul_Black-Reference_Dataset.ppt">ppt</a>) Rick Kuhn - NIST - Software Fault Interactions (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Rick_Kuhn-Software_Fault_Interactions.ppt">ppt</a>) (<a href="http://www.aspectsecurity.com/owasp/OWASP_PaulBlack_RickKuhn.mp4">video both</a>) |
16:40 - 17:00 | Break | |
17:00 - 18:00 | Alex Smolen - Parasoft - Application Logic Defense (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day1AppSec2005DC-Alex_Smolen-Application_Logic-Attacks_Defense.ppt">ppt</a> / video) | Daniel Cuthbert - OWASP Testing Project Lead - The Evolution of Web Application Penetration Testing (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day1/AppSec2005DC-Dan_Cuthbert-Evolution_of_App_Pen_Testing.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4">video</a>) |
18:00 - 19:00 | Bus to Dinner Event at Holiday Inn | |
19:00 - 21:00 | Dinner Event (Optional) at Holiday Inn | |
Day 2 - October 12, 2005 | ||
Track 1: Red Auditorium | Track 2: Green Auditorium | |
08:00 - 09:00 | Coffee | |
09:00 - 09:50 | Keynote Day 2: Ira Winkler - Secrets of Superspies (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Ira_Winkler-Secrets_of_Superspies.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_IraWinkler_Secrets_and_Superspies.mp4">video</a>) | |
09:50 - 10:50 | Jeremy Poteet - AppDefense - In the Line of Fire: Defending Highly Visible Targets (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Jeremy_Poteet-In_the_Line_of_Fire.ppt">ppt</a> / video) | |
10:50 - 11:10 | Break | |
11:10 - 12:30 | Jeff Williams - OWASP Chair & CEO Aspect Security - The OWASP Guide Project v2 (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Jeff_Williams-OWASP_AppSec_Guide_2.0.ppt">ppt</a>) and OWASP Membership Plan (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Jeff_Williams-OWASP_Membership.ppt">ppt</a>) (video both) | Danny Allan - Watchfire - Identity Theft, Pfishing, and Pharming: Accountability and Responsibilities (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.ppt">ppt</a>) |
12:30 - 13:45 | Lunch | |
13:45 - 15:00 | Dinis Cruz - OWASP .NET Project Lead - OWASP .Net Tools Project | Matt Fisher - SPI Dynamics - Worms Now Targeting Web Applications (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Matt_Fisher-Google_Hacking_and_Worms.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/dcVideos/OWASP_MattFisher_WormsNowTargetingWebApps.mp4">video</a>) |
15:00 - 15:20 | Break | |
15:20 - 16:30 | Tony Canike - The Vanguard Group - Establishing an Enterprise-Wide Application Security Program (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_1-Day2/AppSec2005DC-Anthony_Canike-Enterprise_AppSec_Program.ppt">ppt</a> / video) | Rogan Dawes - OWASP WebScarab Project Lead - Advanced Features of WebScarab (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Rogan_Dawes-WebScarab.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4">video</a>) |
16:30 - 16:50 | Break | |
16:50 - 17:50 | John Steven - Cigital - Building a Scalable Software Security Practice within your Organization | Gunnar Peterson - Arctec Group - Integrating Identity Services into Web Applications (<a href="/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-Day2/AppSec2005DC-Gunnar_Peterson-Identity-Services-in-WebApps.ppt">ppt</a> / <a href="http://www.aspectsecurity.com/owasp/OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4">video</a>) |