This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP AppSec DC 2010 Schedule"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
#REDIRECT [[:Category:OWASP AppSec DC 2010 Schedule]]
 
#REDIRECT [[:Category:OWASP AppSec DC 2010 Schedule]]
 +
 +
__NOTOC__
 +
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]
 +
 +
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 +
<br>
 +
===[[OWASP AppSec DC 2010|Back to Conference Page]]===
 +
 +
====Training 11/08====
 +
{| cellspacing="0" border="2"
 +
|- valign="middle"
 +
| height="60" align="center" colspan="6" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 1 - Nov 10th 2009'''</font>
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 +
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room TBD'''
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | <br>Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00
 +
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="5" | Lunch
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Class<br>Instructor| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | <br>Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
 +
<!-- Training Day 2 -->
 +
|}
 +
====Training 11/09====
 +
{| cellspacing="0" border="2"
 +
|- valign="middle"
 +
| height="60" align="center" colspan="6" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 2 - Nov 11th 2009'''</font>
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 +
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room TBD'''
 +
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room TBD'''
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 2:<br>Class<br>Instructor| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:<br>Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00
 +
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
 +
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
 +
<!-- Training Day 2 -->
 +
|}
 +
====Talks 11/10====
 +
{| cellspacing="0" border="2"
 +
|- valign="middle"
 +
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 1 - Nov 12th 2009'''</font>
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 +
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP (146A)'''
 +
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools (146B)'''
 +
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Web 2.0 (146C)'''
 +
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''SDLC (152A)'''
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08:50
 +
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 08:50-09:00
 +
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
 +
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: [[AppSecDC Keynote Jarzomnek|Joe Jarzombek]]<br>Video | [[Media: Keynote - Joe Jarzombek.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30
 +
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP [[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | [[Media:OWASP-US09 all about owasp speech and summit outcome.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-10:45
 +
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 10:45-11:30
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams <br><br> Video | [[Media: OWASP ESAPI-Jeff Williams.pptx| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann <br><br> Video | [[Media: Clubbing WebApps with a Botnet - Gunter Ollmann.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst<br><br> Video | [[Media: Understanding the Implications of Cloud Computing on Application Security-Dennis Hurst.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey <br><br> Video | [[Media: Enterprise Application Security GEs approach to solving root cause-Darren Challey.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:30-12:30
 +
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra <br><br> Video | [[Media: Software Assurance Maturity Model (SAMM)-Pravir Chandra.ppt| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West <br><br> Video | [[Media: The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West.ppt | Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger<br><br> Video | [[Media: Transparent Proxy Abuse-Robert Auger.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini<br><br> Video | [[Media: Software Development The Next Security Frontier-Jim Molini.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li <br><br> Video | [[Media: DISAs Application Security and Development STIG How OWASP Can Help You-Jason Li.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett <br><br> Video | [[Media: OWASP ModSecurity Core Rule Set-Ryan Barnett.ppt| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe <br><br> Video | [[Media: Development Issues Within AJAX Apps-Lars Ewe.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"  | [[SDLC Panel AppSecDC|Secure SDLC Panel: Real answers from real experience]]<br><i>Panelists:</i><br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>Keith Turpin<br>&nbsp;<br><i>Moderator:</i><br>Pravir Chandra<br><br> Video | [[Media: SDLC Panel.ppt| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
 +
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates <br><br> Video | [[Media: Defend Yourself-Integrating Real Time Defenses into Online Applications-Michael Coates.pdf| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber <br><br> Video | [[Media: Finding the Hotspots Web-security testing with the Watcher tool-Chris Weber.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson<br><br> [http://www.vimeo.com/9037895 Video] | [[Media: Social Zombies-Kevin Johnson Tom Eston.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 2:55-3:10
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:10-3:55
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi <br><br> Video | [[Media: The ESAPI Web Application Firewall-Arshan Dabirsiaghi.pdf| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna <br><br> Video | [[Media: One Click Ownage-Ferruh Mavituna.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey<br><br> [http://www.vimeo.com/8980691 Video] | [[Media: Cloudy with a chance of 0 day - Jon Rose-Tom Leavey.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk <br><br> Video | [[Media: The essential role of IR in software development-Kenneth van Wyk.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura <br><br> Video | [[Media: Web Application Security Scanner Evaluation Criteria - Brian Shura.ppt | Slides]]
 +
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:00-4:45
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey <br><br> Video | [[Media: OWASP Live CD An open environment for Web Application Security-Matt Tesauro Brad Causey.ppt| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis<br><br> Video | [[Media: Learning by Breaking A New Project Insecure Web Apps-Chuck Willis.ppt| Slides]] 
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield<br><br> Video | [[Media: Attacking WCF Web Services-Brian Holyfield.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell <br><br> Video | [[Media: Vulnerability Management in an Application Security World-Dan Cornell.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br>
 +
Josh Abraham <br><br> Video | [[Media: Synergy A world where tools communicate-Josh Abraham.pptx| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:50-5:55
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner <br><br> Video | [[Media: The Entrepreneurs Guide to Career Management-Lee Kushner.pdf| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates <br><br> Video | [[Media: Advanced SSL The good the bad and the ugly-Michael Coates.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX Flash and Highly Interactive Technologies]]<br>Rafal Los<br><br> Video | [[Media: When Web 2.0 Attacks - Understanding Security Implications of Highly Interactive Technologies-Rafal Los.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven <br><br> Video | [[Media: none.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco<br><br> Video | [[Media: User input piercing for Cross Site Scripting Attacks-Matias Blanco.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-8:00
 +
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (151)<br>Sponsored by [[Image:AppSecDC2009-Sponsor-cenzic.gif|link=http://www.cenzic.com/]]<!-- Day 2 -->
 +
|}
 +
====Talks 11/11====
 +
{| cellspacing="0" border="2"
 +
|- valign="middle"
 +
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Day 2 - Nov 13th 2009'''</font>
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;
 +
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Process (146A)'''
 +
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Attack &amp; Defend (146B)'''
 +
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (146C)'''
 +
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (152A)'''
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 8:00-9:00
 +
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration & Coffee sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher <br><br> Video | [[Media: none.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja <br><br> Video | [[Media: Securing the Core JEE Patterns-Rohit Sethi Krishna Raja.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett <br><br> [http://www.vimeo.com/8998992 Video] | [[Media: Web Hacking Incidents Database-Ryan Barnett.pdf | Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Amichai Shulman<br><br> [http://www.vimeo.com/9037171 Video] | [[Media: Business Logic Automatons - Friend or Foe - Amichai Shulman.pptx| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe <br><br> Video | [[Media: Scalable Application Assessments in the Enterprise-Tom Parker Lars Ewe.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] 
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> [http://www.vimeo.com/9007894 Video] | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis <br><br> Video | [[Media: SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen <br><br> Video | [[Media: none.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber<br><br> Video | [[Media: Unicode Transformations Finding Elusive Vulnerabilities-Chris Weber.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release Candidate<br>Dave Wichers <br><br> [http://www.vimeo.com/9006276 Video] | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin<br><br> Video | [[Media: Secure SDLC The Good The Bad The Ugly-Joey Peloquin.ppt| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:25-12:30
 +
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott<br><br> Video | [[Media: Cory Scott - Improving AppSec after an incident.ppt| Slides]] 
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen <br><br> Video | [[Media: The 10 least-likely and most dangerous people on the Internet - Robert Hansen.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan <br><br> Video | [http://www.owasp.org/images/0/06/WPstats_fall09_8th.pdf Slides]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]] <br><br> Video
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo <br><br> Video | [http://www.owasp.org/images/7/72/US09-OWASP-Deploying-Apps_Seba_-_Fabio.ppt Slides]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson <br><br> Video | [[Media: Automated vs Manual Security You can't filter The Stupid-David Byrne Charles Henderson.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> [http://www.vimeo.com/8989378 Video] | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Coffee break sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]]<br>Dinis Cruz<br><br> Video | [http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf Slides]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord <br><br> Video | [[Media: The OWASP Security Spending Benchmarks Project - Dr Boaz Gelbord.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta<br><br> Video | [[Media: Promoting Application Security within Federal Government-Sarbari Gupta.ppt| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 3:05-3:10
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney <br><br> Video | [[Media: Custom Intrusion Detection Techniques for Monitoring Web Applications-Matthew Olney.pdf| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch <br><br> Video | [[Media: Manipulating Web App Interfaces - Felipe Moreno.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam <br><br> Video | [[Media: SANS Dshield Webhoneypot-Jason Lam.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy<br><br> Video | [[Media: Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15
 +
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson<br> Video | [[Media: ClosingRemarks.pptx| Slides]]
 +
|}
 +
<headertabs />
 +
 +
===[[OWASP AppSec DC 2010|Back to Conference Page]]===
 +
 +
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_09]]
 +
  
 
[[Category:OWASP_AppSec_DC_2010]]
 
[[Category:OWASP_AppSec_DC_2010]]

Revision as of 19:19, 22 September 2010

Redirect to:

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

Back to Conference Page

Training 11/08

Day 1 - Nov 10th 2009
  Room TBD Room TBD Room TBD Room TBD Room TBD
09:00-12:00 Day 1:
Class
Instructor 		Day 1:
Class
Instructor 		Class
Instructor| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" |
Class
Instructor 		Class
Instructor
12:00-13:00 Lunch
13:00-17:00 Class
Instructor 		Class
Instructor| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" |
Class
Instructor 		Class
Instructor 		Class
Instructor

Training 11/09

Day 2 - Nov 11th 2009
  Room TBD Room TBD Room TBD Room TBD Room TBD
09:00-12:00 Day 2:
Class
Instructor| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:
Class
Instructor 		Class
Instructor 		Class
Instructor
12:00-13:00 Lunch
13:00-17:00 Class
Instructor 		Class
Instructor 		Class
Instructor 		Class
Instructor

Talks 11/10

Day 1 - Nov 12th 2009
  OWASP (146A) Tools (146B) Web 2.0 (146C) SDLC (152A)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Joe Jarzombek
Video | Slides
10:00-10:30 All about OWASP OWASP Board
Video | Slides
10:30-10:45 Coffee Break sponsored by AppSecDC2009-Sponsor-denim.gif
10:45-11:30 OWASP ESAPI
Jeff Williams

Video | Slides 		Clubbing WebApps with a Botnet
Gunter Ollmann

Video | Slides 		Understanding the Implications of Cloud Computing on Application Security
Dennis Hurst

Video | Slides 		Enterprise Application Security - GE's approach to solving root cause
Darren Challey

Video | Slides
11:30-12:30 Hosted Lunch
12:30-1:15 Software Assurance Maturity Model (SAMM)
Pravir Chandra

Video | Slides 		The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security
Jacob West

Video | Slides 		Transparent Proxy Abuse
Robert Auger

Video | Slides 		Software Development The Next Security Frontier
Jim Molini

Video | Slides
1:15-1:20 Break
1:20-2:05 DISA's Application Security and Development STIG: How OWASP Can Help You
Jason Li

Video | Slides 		OWASP ModSecurity Core Rule Set Project
Ryan C. Barnett

Video | Slides 		Development Issues Within AJAX Applications: How to Divert Threats
Lars Ewe

Video | Slides 		Secure SDLC Panel: Real answers from real experience
Panelists:
Dan Cornell
Michael Craigue
Dennis Hurst
Joey Peloquin
Keith Turpin
 
Moderator:
Pravir Chandra

Video | Slides
2:05-2:10 Break
2:10-2:55 Defend Yourself: Integrating Real Time Defenses into Online Applications
Michael Coates

Video | Slides 		Finding the Hotspots: Web-security testing with the Watcher tool
Chris Weber

Video | Slides 		Social Zombies: Your Friends Want to Eat Your Brains
Tom Eston/Kevin Johnson

Video | Slides
2:55-3:10 Coffee Break sponsored by AppSecDC2009-Sponsor-denim.gif
3:10-3:55 The ESAPI Web Application Firewall
Arshan Dabirsiaghi

Video | Slides 		One Click Ownage
Ferruh Mavituna

Video | Slides 		Cloudy with a chance of 0-day
Jon Rose/Tom Leavey

Video | Slides 		The essential role of infosec in secure software development
Kenneth R. van Wyk

Video | Slides
Web Application Security Scanner Evaluation Criteria
Brian Shura

Video | Slides
3:55-4:00 Break
4:00-4:45 OWASP Live CD: An open environment for Web Application Security
Matt Tesauro / Brad Causey

Video | Slides 		Learning by Breaking: A New Project Insecure Web Apps
Chuck Willis

Video | Slides 		Attacking WCF Web Services
Brian Holyfield

Video | Slides 		Vulnerability Management in an Application Security World
Dan Cornell

Video | Slides
Synergy! A world where the tools communicate

Josh Abraham

Video | Slides

4:45-4:50 Break
4:50-5:55 The Entrepreneur's Guide to Career Management
Lee Kushner

Video | Slides 		Advanced SSL: The good, the bad, and the ugly
Michael Coates

Video | Slides 		When Web 2.0 Attacks - Understanding Security Implications of AJAX Flash and Highly Interactive Technologies
Rafal Los

Video | Slides 		Threat Modeling
John Steven

Video | Slides
User input piercing for Cross Site Scripting Attacks
Matias Blanco

Video | Slides
6:00-8:00 Cocktails and hors d'oeuvres in the EXPO Room (151)
Sponsored by AppSecDC2009-Sponsor-cenzic.gif

Talks 11/11

Day 2 - Nov 13th 2009
  Process (146A) Attack & Defend (146B) Metrics (146C) Compliance (152A)
8:00-9:00 Registration & Coffee sponsored by AppSecDC2009-Sponsor-fyrm.gif
9:00-9:45 The Big Picture: Web Risks and Assessments Beyond Scanning
Matt Fisher

Video | Slides 		Securing the Core JEE Patterns
Rohit Sethi/Krishna Raja

Video | Slides 		The Web Hacking Incidents Database
Ryan C. Barnett

Video | Slides 		Business Logic Automatons: Friend or Foe?
Amichai Shulman

Video | Slides
9:45-9:50 Break
9:50-10:35 Scalable Application Assessments in the Enterprise
Tom Parker/Lars Ewe

Video | Slides 		Malicious Developers and Enterprise Java Rootkits
Jeff Williams

Video | Slides 		Application security metrics from the organization on down to the vulnerabilities
Chris Wysopal

Video | Slides 		SCAP: Automating our way out of the Vulnerability Wheel of Pain
Ed Bellis

Video | Slides
10:35-10:40 Break
10:40-11:25 Secure Software Updates: Update Like Conficker
Jeremy Allen

Video | Slides 		Unicode Transformations: Finding Elusive Vulnerabilities
Chris Weber

Video | Slides 		OWASP Top 10 - 2010
Release Candidate
Dave Wichers

Video | Slides 		Secure SDLC: The Good, The Bad, and The Ugly
Joey Peloquin

Video | Slides
11:25-12:30 Hosted Lunch
12:30-1:15 Improving application security after an incident
Cory Scott

Video | Slides 		The 10 least-likely and most dangerous people on the Internet
Robert Hansen

Video | Slides 		Hacking by Numbers
Tom Brennan

Video | Slides 		Federal CISO Panel

Video
1:15-1:20 Break
1:20-2:05 Deploying Secure Web Applications with OWASP Resources
Sebastien Deleersnyder / Fabio Cerullo

Video | Slides 		Automated vs. Manual Security: You can't filter The Stupid
David Byrne/Charles Henderson

Video | Slides 		Building an in-house application security assessment team
Keith Turpin

Video | Slides
2:05-2:20 Coffee break sponsored by AppSecDC2009-Sponsor-fyrm.gif
2:20-3:05 OWASP O2 Platform - Open Platform for automating application security knowledge and workflows
Dinis Cruz

Video | Slides 		Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers
Kevin Johnson, Justin Searle, Frank DiMaggio

Video | Slides 		The OWASP Security Spending Benchmarks Project
Dr. Boaz Gelbord

Video | Slides 		Promoting Application Security within Federal Government
Sarbari Gupta

Video | Slides
3:05-3:10 Break
3:10-3:55 Custom Intrusion Detection Techniques for Monitoring Web Applications
Matthew Olney

Video | Slides 		Manipulating Web Application Interfaces, a new approach to input validation
Felipe Moreno-Strauch

Video | Slides 		SANS Dshield Webhoneypot Project
Jason Lam

Video | Slides 		Techniques in Attacking and Defending XML/Web Services
Mamoon Yunus/Jason Macy

Video | Slides
3:55-4:00 Break
4:00-4:15 Closing Remarks (146B)
Mark Bristow, Rex Booth, Doug Wilson
Video | Slides

Back to Conference Page

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2010_Schedule&oldid=89796"