Difference between revisions of "OWASP AppSec DC 2009 Schedule"

Revision as of 23:20, 28 September 2009

Day 1 - Nov 12th 2009
	OWASP	Tools	SDLC	Web 2.0
07:30-09:00	Registration
08:45-09:00	Welcome and Opening Remarks
09:00-10:00	Keynote: Joe Jarzombek
10:30-10:30	Coffee Break & Room Change
10:30-11:30	OWASP ESAPI Jeff Williams	Clubbing WebApps with a Botnet Gunter Ollmann	Enterprise Application Security - GE's approach to solving root cause Darren Challey	Understanding the Implications of Cloud Computing on Application Security Dennis Hurst
11:30-12:30	Software Assurance Maturity Model (SAMM) Pravir Chandra	The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security Jacob West	TBD	Transparent Proxy Abuse Robert Auger
12:30-13:30	DISA's Application Security and Development STIG: How OWASP Can Help You Jason Li	OWASP ModSecurity Core Rule Set Project Ryan C. Barnett	The essential role of infosec in secure software development Kenneth R. van Wyk	Development Issues Within AJAX Applications: How to Divert Threats Lars Ewe
13:30-14:30	Lunch
14:30-15:30	Defend Yourself: Integrating Real Time Defenses into Online Applications Michael Coates	Finding the Hotspots: Web-security testing with the Watcher tool Chris Weber	SDLC Panel	Social Zombies: Your Friends Want to Eat Your Brains Tom Eston/Kevin Johnson
15:30-16:30	The ESAPI Web Application Firewall Arshan Dabirsiaghi	One Click Ownage Ferruh Mavituna		Cloudy with a chance of 0-day Jon Rose/Tom Leavey
15:30-16:30	The ESAPI Web Application Firewall Arshan Dabirsiaghi	Web Application Security Scanner Evaluation Criteria Brian Shura		Cloudy with a chance of 0-day Jon Rose/Tom Leavey
16:30-17:30	OWASP Live CD: An open environment for Web Application Security Matt Tesauro / Brad Causey	Learning by Breaking: A New Project Insecure Web Apps Chuck Willis	Vulnerability Management in an Application Security World Dan Cornell	Attacking WCF Web Services Brian Holyfield
16:30-17:30		Synergy! A world where the tools communicate Josh Abraham		Attacking WCF Web Services Brian Holyfield
17:30-18:30	The Entrepreneur's Guide to Career Management Lee Kushner	Advanced SSL: The good, the bad, and the ugly Michael Coates	Threat Modeling John Steven	When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies Rafal Los
17:30-18:30	The Entrepreneur's Guide to Career Management Lee Kushner	User input piercing for Cross Site Scripting Attacks Matias Blanco	Threat Modeling John Steven
19:00-????	Reception

Day 2 - Nov 13th 2009
	Attack & Defend	Process	Metrics	Compliance
07:30-09:00	Registration
09:00-10:00	Keynote: TBA
10:30-10:30	Coffee Break & Room Change
10:30-11:30	Securing the Core JEE Patterns Rohit Sethi/Krishna Raja	The Big Picture: Web Risks and Assessments Beyond Scanning Matt Fisher	The Web Hacking Incidents Database Ryan C. Barnett	Business Logic Automatons: Friend or Foe? Ofer Shezaf
11:30-12:30	Unicode Transformations: Finding Elusive Vulnerabilities Chris Weber	Scalable Application Assessments in the Enterprise Tom Parker/Lars Ewe	Application security metrics from the organization on down to the vulnerabilities Chris Wysopal	SCAP: Automating our way out of the Vulnerability Wheel of Pain Ed Bellis
12:30-13:30	Fox in the Henhouse: Java Rootkits Jeff Williams	Secure Software Updates: Update Like Conficker Jeremy Allen	OWASP Top 10 2009 Dave Wichers	Secure SDLC: The Good, The Bad, and The Ugly Joey Peloquin
13:30-14:30	Lunch
14:30-15:30	The 10 least-likely and most dangerous people on the Internet Robert Hansen	Improving application security after an incident Cory Scott	Hacking by Numbers Tom Brennan	Federal CIO Pannel
15:30-16:30	Automated vs. Manual Security: You can't filter The Stupid David Byrne/Charles Henderson	Custom Intrusion Detection Techniques for Monitoring Web Applications Matthew Olney	Building an in-house application security assessment team Keith Turpin	Federal CIO Pannel
16:30-17:30	Advanced SQL Injection Joe McCray	Is your organization secured against internal threats? Lars Ewe	The OWASP Security Spending Benchmarks Project Dr. Boaz Gelbord	Promoting Application Security within Federal Government Sarbari Gupta
17:30-18:30	Manipulating Web Application Interfaces, a new approach to input validation Felipe Moreno-Strauch	Deploying Secure Web Applications with OWASP Resources Kuai Hinojosa	SANS Dshield Webhoneypot Project Jason Lam	Techniques in Attacking and Defending XML/Web Services Mamoon Yunus/Jason Macy
17:30-18:30	Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers Kevin Johnson, Justin Searle, Frank DiMaggio		SANS Dshield Webhoneypot Project Jason Lam
18:30-19:00	Closing Remarks

@@ Line 24: / Line 24: @@
 | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey
 | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst
 |- valign="bottom"
@@ Line 30: / Line 30: @@
 | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West
-| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey
+| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | TBD
 | width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger
 |- valign="bottom"
@@ Line 37: / Line 37: @@
 | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett
 | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk
-| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Fracturing Flex For Fun- An Alliterative Attackers Approach]]<br>Jon Rose/Kevin Stadmeyer
+| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe
 |- valign="bottom"
 | width="67" valign="middle" height="60" bgcolor="#7b8abd" | 13:30-14:30

Difference between revisions of "OWASP AppSec DC 2009 Schedule"

Revision as of 23:20, 28 September 2009

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools