This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2009 Schedule"
From OWASP
Mark.bristow (talk | contribs) (→Back to Conference Page) |
Mark.bristow (talk | contribs) (→Back to Conference Page) |
||
Line 169: | Line 169: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45 | | width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher <br><br> Video | [[Media: none.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett | ||
Line 178: | Line 178: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe <br><br> Video | [[Media: Scalable Application Assessments in the Enterprise-Tom Parker Lars Ewe.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> Video | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> Video | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]] | ||
Line 187: | Line 187: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen <br><br> Video | [[Media: none.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release Candidate<br>Dave Wichers <br><br> Video | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release Candidate<br>Dave Wichers <br><br> Video | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]] | ||
Line 205: | Line 205: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo <br><br> Video | [[Media: none.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> Video | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]] | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> Video | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]] | ||
Line 213: | Line 213: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]]<br>Dinis Cruz | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]]<br>Dinis Cruz<br><br> Video | [[Media: none.pdf| Slides]] |
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]] | | width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]] | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord | ||
Line 222: | Line 222: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55 | | width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55 | ||
− | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney | + | | width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney <br><br> Video | [[Media: Custom Intrusion Detection Techniques for Monitoring Web Applications-Matthew Olney.pdf| Slides]] |
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch | | width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch | ||
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam | | width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam | ||
Line 231: | Line 231: | ||
|- valign="bottom" | |- valign="bottom" | ||
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15 | | width="67" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15 | ||
− | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson | + | | valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson<br> Video | [[Media: ClosingRemarks.pptx| Slides]] |
|} | |} | ||
<headertabs /> | <headertabs /> |
Revision as of 18:37, 20 November 2009
Back to Conference Page
Training 11/10
Day 1 - Nov 10th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | Room 155 | |
09:00-12:00 | Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 1: Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
Threat Modeling Express Krishna Raja Security Compass |
Foundations of Web Services and XML Security Dave Wichers Aspect Security |
Live CD Matt Tesauro |
Training 11/11
Day 2 - Nov 11th 2009 | |||||
Room 154A | Room 149B | Room 149A | Room 154B | ||
09:00-12:00 | Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Day 2: Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security | |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle |
Java EE Secure Code Review Sahba Kazerooni Security Compass |
WebAppSec.php: Developing Secure Web Applications Robert Zakon |
Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security |