
Difference between revisions of "OWASP AppSec DC 2010"

(1 Day Training)
Line 150: Line 150:
 
== 2 Day Training  ==
 
== 2 Day Training  ==
  
Coming Soon
+
==='''Leading the AppSec Initative''' | [[Leading the AppSec Initative|Course Detail]]===
 +
In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative.  This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance.  This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
  
 
== 1 Day Training ==
 
== 1 Day Training ==
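Review bot: the added heading line misspells the course title as "Leading the AppSec Initative", in both the bold text and the [[...]] link target, while the added description paragraph spells the word "initiative". Correct the heading to "Initiative" and rename or redirect the linked Course Detail page so the link still resolves. The added paragraph also has double spaces after several sentences that could be normalized in the same edit.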
Line 159: Line 160:
  
 
==='''The Art of Exploiting SQL Injections''' | [[The Art of Exploiting SQL Injections |Course Detail]]===
 
==='''The Art of Exploiting SQL Injections''' | [[The Art of Exploiting SQL Injections |Course Detail]]===
 
 
This is a full day hands on training course which will typically target penetration testers, security auditors/administrators  and even web developers  to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could result in (Authentication Bypass, Extraction of arbitrary sensitive data from the database, Access and compromise of the internal network)
 
This is a full day hands on training course which will typically target penetration testers, security auditors/administrators  and even web developers  to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could result in (Authentication Bypass, Extraction of arbitrary sensitive data from the database, Access and compromise of the internal network)
  

Revision as of 20:44, 21 September 2010


Registration Now OPEN! | Hotel | Walter E. Washington Convention Center

Welcome

AppSec DC's CFP is CLOSED. Initial notifications are going out to select speakers at this time.

We are pleased to announce that the OWASP DC chapter will host the OWASP AppSecDC 2010 regional conference in Washington, DC. The AppSecDC conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 600-700 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

AppSecDC 2010 will be held at the Walter E. Washington Convention Center (801 Mount Vernon Place NW Washington, DC 20001) on November 8th through 11th 2010.

Who Should Attend AppSec DC 2010:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security

Press Release June 3rd 2010 -- AppSec DC 2010 Conference Announcement and opening CFP & CFT!

Conference FAQ





Use the #AppSecDC hashtag for your tweets (What are hashtags?)

@AppSecDC Twitter Feed (follow us on Twitter!)

Registration

Register Here

Registration is now OPEN.
You can register via OWASP's CVENT tool here.

Registration Fees

| Ticket Type | Before 8/15 | Regular Price | After 10/15 |
|---|---|---|---|
| Non-Member | $445.00 | $495.00 | $545.00 |
| Active OWASP Member | $395.00 | $445.00 | $495.00 |
| Student | $195.00 | $195.00 | $245.00 |

| Course | Fee |
|---|---|
| 1 Day Training | $1495 |
| 2 Day Training | $745 |

ATTENTION FEDERAL EMPLOYEES: Enter code ASDC10FED for $100 off, limited time only! (must register with your .gov or .mil email address)
For the student discount, attendees must present proof of enrollment when picking up their badge.

Who Should Attend AppSec DC 2010

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security
  • Anyone interested in learning about or promoting Web Application Security


AppSec DC 2010 CVENT Info Page

Volunteer

Volunteers Needed!

Get involved!

We will take all the help we can get to pull off the best Web Application Security Conference of the year!

More opportunities and areas will be added as time goes on. Our Volunteer Guide, which outlines some of the responsibilities and available positions, can be downloaded.

To volunteer please email [email protected] or you can e-mail the Volunteer Coordinators Josh Feinblum and Jon Rose

Schedule

Schedule posted here

Training

OWASP strives to provide world class training for a variety of skill levels and interests at its conferences. From the novice to the expert, developers to managers, there is a training course at AppSec DC for you! Classes will begin at 9 AM each day and run until 5 PM (Daily schedule set by the trainer). Morning refreshments and lunch will be provided. Check each course for the required materials.

Registration Now OPEN!

Price per attendee (conference registration is a separate item):

  • 2-Day Class $1495
  • 1-Day Class $745

2 Day Training

Leading the AppSec Initiative | Course Detail

In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.

1 Day Training

WebAppSec.php: Developing Secure Web Applications | Course Detail

Web applications are the new frontier of widespread security breaches. This tutorial will guide you through development practices to ensure the security and integrity of web applications, in turn protecting user data and the infrastructure the application runs on. Several attack types and risks will be reviewed (including OWASP’s Top 10), along with how the proper development practices can mitigate their damage. Although the examples covered are PHP-based, much of the content is also applicable to other languages.

The Art of Exploiting SQL Injections | Course Detail

This is a full-day, hands-on training course aimed at penetration testers, security auditors/administrators and even web developers who want to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of web applications. This vulnerability could result in authentication bypass, extraction of arbitrary sensitive data from the database, and access to and compromise of the internal network.

To identify the true impact of this vulnerability, it is essential that it is exploited to the full extent. While there is reasonably good awareness when it comes to identifying this problem, there are still a lot of grey areas when it comes to exploitation or even identifying complex vulnerabilities like second-order injections. This training will target 3 databases (MS-SQL, MySQL, Oracle) and discuss a variety of exploitation techniques for each scenario.

Practical Web Security Overview | Course Detail

The course gives an overview of the applicable security solutions in web applications, focusing on the most important technologies like Web Services, and tackling both transport-layer security and end-to-end security solutions. The most severe security threats of web-based technologies are introduced through a number of hands-on exercises, prepared in a plug-and-play manner by using a preset VMware virtual machine, including injection-related flaws, Cross Site Scripting, Cross Site Request Forgery, some other input validation-related bugs, improper use of cryptographic features, and many more.

Java Security Overview | Course Detail

The course on one hand introduces the basic security solutions provided by the Java language and the Java Runtime Environment, tackling issues like the Java Security Architecture and the security services of the Java Standard Edition. On the other hand it provides a comprehensive introduction to Java specific security vulnerabilities. Besides the presentations being continuously updated by the latest advances in the software development industry and the most recent achievements of our security research laboratory, attendees can learn how to use Java security features and can examine and correct typical implementation bugs in example source code snippets through a number of hands-on exercises, prepared in a plug-and-play manner by using a preset VMware virtual machine.

Contests

OWASP Member Door Prizes!

Are you an OWASP Member? At AppSecDC we will be giving away some amazing door prizes to some randomly selected OWASP members in attendance. You HAVE to be an OWASP member to be eligible, but if you're not, you can easily add the $50 annual membership to your conference ticket and receive $50 off admission. That's right, FREE OWASP MEMBERSHIP when combined with AppSec DC Registration! So remember to register today with your OWASP membership!

Venue

Walter E. Washington Convention Center

AppSec DC 2010 will be taking place at the Walter E. Washington Convention Center in downtown Washington DC.

The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro, and only a few blocks from our convention hotel, the Grand Hyatt Washington (reserve rooms here).


Hotel

The Grand Hyatt is our hotel sponsor again for this year. Hotel rooms can be booked at a discounted rate prior to October 15th using this link: https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908

Sponsors

We are currently soliciting sponsors for the AppSec DC Conference. Please refer to our sponsorship opportunities for details.

Slots are going fast so contact us to sponsor today!

Diamond Sponsors

Akamai
 

Gold Sponsors

Tenable, Securicon, Mandiant
 

Silver Sponsors

Aspect
 
 
 

Organizational Sponsors

ISSA, ISC2
 

Reception Sponsors

Coffee Sponsors

Travel

Traveling to the DC Metro Area

The Washington DC Area is serviced by three airports -- Reagan National (DCA), Dulles (IAD), and Thurgood Marshall Baltimore/Washington International (BWI). All currently have available transportation to downtown DC via public transportation, shuttles, or cab.

Washington DC is also serviced by Amtrak, VRE, and MARC train lines, which arrive in Union Station, a few metro stops or a short cab ride away from the convention center and the Grand Hyatt.

If you live in the DC Metropolitan area, we suggest taking Metro to the event. The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro.

Conference Committee

Organizers

Mail List: [email protected]

Arch-Minions

Mail List: [email protected]