Difference between revisions of "OWASP AppSec Europe 2009 - Poland ag"
(New page: {| style="width:80%" border="0" align="center" ! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 - May 13, 2009 |- | style="width:10%; background:#7B8ABD" | |...) |
| Line 65: | Line 65: | ||
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 - May 14, 2009 | ! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 - May 14, 2009 | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: | + | | style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: Alfa 1 |
| − | | style="width:30%; background:#BCA57A" | Track 2: | + | | style="width:30%; background:#BCA57A" | Track 2: Alfa 2 |
| style="width:30%; background:#99FF99" | Track 3: Room 3 | | style="width:30%; background:#99FF99" | Track 3: Room 3 | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee | | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 09:00-09: | + | | style="width:10%; background:#7B8ABD" | 09:00-09:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Fixing Internet Security by Hacking the Business Climate |
''Bruce Schneier, Chief Security Technology Officer, BT'' | ''Bruce Schneier, Chief Security Technology Officer, BT'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | | + | | style="width:10%; background:#7B8ABD" | 10:00-10:45|| colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Projects |
''Dave Wichers, OWASP Foundation'' | ''Dave Wichers, OWASP Foundation'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 10: | + | | style="width:10%; background:#7B8ABD" | 10:45-11:05 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF |
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | | + | | style="width:10%; background:#7B8ABD" | 11:05-11:50 || style="width:30%; background:#BC857A" align="left" | OWASP "Google Hacking" Project |
''Christian Heinrich, OWASP "Google Hacking" Project Lead'' | ''Christian Heinrich, OWASP "Google Hacking" Project Lead'' | ||
| style="width:30%; background:#BCA57A" align="left" | Deploying Secure Web Applications with OWASP Resources | | style="width:30%; background:#BCA57A" align="left" | Deploying Secure Web Applications with OWASP Resources | ||
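Review bot: The new time on the Bruce Schneier keynote row reads 09:00-09:00, which is a zero-length slot. Registration in the row above ends at 09:00 and the OWASP Projects row below starts at 10:00, so this looks like it should be 09:00-10:00.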
| Line 86: | Line 86: | ||
''Bart De Win, Ascure'' | ''Bart De Win, Ascure'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 11: | + | | style="width:10%; background:#7B8ABD" | 11:55-12:40 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API (ESAPI) Project |
''Dave Wichers, Aspect Security'' | ''Dave Wichers, Aspect Security'' | ||
| style="width:30%; background:#BCA57A" align="left" | ''[http://w3af.sf.net/ w3af]'', A framework to 0wn the web | | style="width:30%; background:#BCA57A" align="left" | ''[http://w3af.sf.net/ w3af]'', A framework to 0wn the web | ||
| Line 93: | Line 93: | ||
''Alexandru Bolboaca & Maria Diaconu, Mosaic Works'' | ''Alexandru Bolboaca & Maria Diaconu, Mosaic Works'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 12: | + | | style="width:10%; background:#7B8ABD" | 12:40-14:00 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF |
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | | + | | style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | OWASP ROI: Optimize Security Spending using OWASP |
''Matt Tesauro, Texas Education Agency'' | ''Matt Tesauro, Texas Education Agency'' | ||
| style="width:30%; background:#BCA57A" align="left" | CSRF: the nightmare becomes reality? | | style="width:30%; background:#BCA57A" align="left" | CSRF: the nightmare becomes reality? | ||
| Line 102: | Line 102: | ||
''Giorgio Fedon, Minded Security'' | ''Giorgio Fedon, Minded Security'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 14:15 | + | | style="width:10%; background:#7B8ABD" | 14:50-15:35 || style="width:30%; background:#BC857A" align="left" | HTTP Parameter Pollution |
''Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity'' | ''Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity'' | ||
| style="width:30%; background:#BCA57A" align="left" | OWASP Source Code Flaws Top 10 Project | | style="width:30%; background:#BCA57A" align="left" | OWASP Source Code Flaws Top 10 Project | ||
''Paolo Perego, Spike Reply'' | ''Paolo Perego, Spike Reply'' | ||
| − | | style="width:30%; background:#99FF99 | + | | style="width:30%; background:#99FF99" align="left" | Business Logic Attacks: Bots and Bats |
| − | |||
| − | |||
''Eldad Chai, Imperva'' | ''Eldad Chai, Imperva'' | ||
| − | |||
| − | |||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 15: | + | | style="width:10%; background:#7B8ABD" | 15:35-15:55 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF |
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 15: | + | | style="width:10%; background:#7B8ABD" | 15:55-16:40 || style="width:30%; background:#BC857A" align="left" | Factoring malware and organized crime in to Web application security |
''Gunter Ollmann, Damballa'' | ''Gunter Ollmann, Damballa'' | ||
| − | | style="width:30%; background:#BCA57A" align="left" | Can an accessible web application be secure? Assessment issues for security testers, developers and auditors | + | | style="width:30%; background:#BCA57A" align="left" | [http://michael-coates.blogspot.com/2009/05/application-worms-at-owasp-europe.html Real Time Defenses against Application Worms and Malicious Attackers], [http://www.linkedin.com/in/mcoates ''Michael Coates''], ''Aspect Security'' |
| + | | style="width:30%; background:#99FF99" align="left" | Can an accessible web application be secure? Assessment issues for security testers, developers and auditors | ||
''Colin Watson, Watson Hall Ltd'' | ''Colin Watson, Watson Hall Ltd'' | ||
| − | |||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 16: | + | | style="width:10%; background:#7B8ABD" | 16:45-17:45 || colspan="3" style="width:90%; background:#F2F2F2" align="center" | Panel discussion |
''Moderator: tbd, Panelists: tbd'' | ''Moderator: tbd, Panelists: tbd'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 17: | + | | style="width:10%; background:#7B8ABD" | 17:45-18:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Conference Wrap-Up & CTF Awards |
''Dave Wichers, OWASP Foundation'' | ''Dave Wichers, OWASP Foundation'' | ||
|- | |- | ||
|} | |} | ||
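Review bot: The 16:45-17:45 panel row sets width:90% on its colspan="3" cell, while every other full-width row in this table uses width:80%; change it to width:80% so the rows line up. The Michael Coates cell also puts title, speaker and company on a single line, whereas the other session cells put the speaker on a separate italic line under the title, and the panel's moderator and panelists are still "tbd".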
Latest revision as of 09:14, 11 May 2009
Day 1 - May 13, 2009

| Time | Track 1: Alfa 1 | Track 2: Alfa 2 | Track 3: Room 3 |
|---|---|---|---|
| 08:00-08:50 | Registration and Coffee | | |
| 08:50-09:00 | Welcome to OWASP AppSec 2009 Conference<br>Sebastien Deleersnyder, OWASP Foundation | | |
| 09:00-10:00 | Keynote<br>Ross Anderson, Professor in Security Engineering, University of Cambridge | | |
| 10:00-10:45 | OWASP State of the Union<br>Dinis Cruz & Sebastien Deleersnyder, OWASP Foundation | | |
| 10:45-11:05 | Break - Expo | CTF Kick-Off<br>Andrzej | |
| 11:05-11:50 | OWASP Live CD: An open environment for Web Application Security<br>Matt Tesauro, Texas Education Agency | Advanced SQL injection exploitation to operating system full control<br>Bernardo Damele Assumpcao Guimaraes, lead developer of sqlmap | Mirage: building an application model made easy (OWASP Orizon v 1.2)<br>Paolo Perego, Spike Reply |
| 11:55-12:40 | OWASP Application Security Verification Standard (ASVS) Project<br>Dave Wichers, Aspect Security | Tracking the effectiveness of an SDL program: lessons from the gym<br>Cassio Goldschmidt, Symantec Corporation | I thought you were my friend Evil Markup, browser issues and other obscurities<br>Mario Heiderich, Business-IN |
| 12:40-14:00 | Lunch - Expo - CTF | | |
| 14:00-14:45 | Threat Modeling<br>John Steven, Cigital | Web Application Harvesting<br>Esteban Ribičić, tbd | Maturing Beyond Application Security Puberty<br>Roger Thornton, Fortify |
| 14:50-15:35 | Exploiting Web 2.0 – Next Generation Vulnerabilities<br>Shreeraj Shah, Blueinfy | xx | When Security Isn’t Free: The Myth of Open Source Security<br>Rob Rachwald, Fortify |
| 15:35-15:55 | Break - Expo - CTF | | |
| 15:55-16:40 | The Software Assurance Maturity Model (SAMM)<br>Pravir Chandra, Cognosticus | O2 - Advanced Source Code Analysis Toolkit<br>Dinis Cruz, Ounce Labs | The Truth about Web Application Firewalls: What the vendors do not want you to know<br>Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity |
| 16:45-17:45 | Panel: tbd<br>tbd Moderator: tbd - Panelists: tbd | | |

Day 2 - May 14, 2009

| Time | Track 1: Alfa 1 | Track 2: Alfa 2 | Track 3: Room 3 |
|---|---|---|---|
| 08:00-09:00 | Registration and Coffee | | |
| 09:00-09:00 | Fixing Internet Security by Hacking the Business Climate<br>Bruce Schneier, Chief Security Technology Officer, BT | | |
| 10:00-10:45 | OWASP Projects<br>Dave Wichers, OWASP Foundation | | |
| 10:45-11:05 | Break - Expo - CTF | | |
| 11:05-11:50 | OWASP "Google Hacking" Project<br>Christian Heinrich, OWASP "Google Hacking" Project Lead | Deploying Secure Web Applications with OWASP Resources<br>Kuai Hinojosa, New York University | Beyond security principles approximation in software architectures<br>Bart De Win, Ascure |
| 11:55-12:40 | OWASP Enterprise Security API (ESAPI) Project<br>Dave Wichers, Aspect Security | w3af, A framework to 0wn the web | Brain's hardwiring and its impact on software development and secure software<br>Alexandru Bolboaca & Maria Diaconu, Mosaic Works |
| 12:40-14:00 | Lunch - Expo - CTF | | |
| 14:00-14:45 | OWASP ROI: Optimize Security Spending using OWASP<br>Matt Tesauro, Texas Education Agency | CSRF: the nightmare becomes reality?<br>Lieven Desmet, University Leuven | The Bank in the Browser - Defending web infrastructures from banking malware<br>Giorgio Fedon, Minded Security |
| 14:50-15:35 | HTTP Parameter Pollution<br>Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity | OWASP Source Code Flaws Top 10 Project<br>Paolo Perego, Spike Reply | Business Logic Attacks: Bots and Bats<br>Eldad Chai, Imperva |
| 15:35-15:55 | Break - Expo - CTF | | |
| 15:55-16:40 | Factoring malware and organized crime in to Web application security<br>Gunter Ollmann, Damballa | Real Time Defenses against Application Worms and Malicious Attackers, Michael Coates, Aspect Security | Can an accessible web application be secure? Assessment issues for security testers, developers and auditors<br>Colin Watson, Watson Hall Ltd |
| 16:45-17:45 | Panel discussion<br>Moderator: tbd, Panelists: tbd | | |
| 17:45-18:00 | Conference Wrap-Up & CTF Awards<br>Dave Wichers, OWASP Foundation | | |