This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Mrb Scratchpad"

From OWASP
Jump to: navigation, search
Line 16: Line 16:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]]<br>National Institute of Standards and Technology<br>Video | Slides
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote by Ron Ross<br>National Institute of Standards and Technology
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15  
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Trustwave30x150.png|link=https://www.trustwave.com/‎‎]]  
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Trustwave30x150.png]]
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Hacking SAP BusinessObjects<br><br>Joshua Abraham and Will Vandevanter
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Cloudy with a chance of hack!<br><br>Lars Ewe
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dont Judge a Website by its GUI Read the Label!|Don’t Judge a Website by its GUI – Read the Label!]]<br>Jeff Williams<br><br>Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Dont Judge a Website by its GUI Read the Label!|Don’t Judge a Website by its GUI – Read the Label!<br><br>Jeff Williams
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers<br><br>Dan Cornell
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05  
Line 31: Line 31:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Deconstructing ColdFusion <br><br>Chris Eng and Brandon Creighton
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Mozilla Foundation<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Declarative Web Security<br><br>Mozilla Foundation
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | The Secure Coding Practices Quick Reference Guide<br><br>Keith Turpin
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Code Reviewing Strategies<br><br>Andrew Wilson and John Hoopes  
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55  
Line 40: Line 40:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Friendly Traitor 2 Features are hot but giving up our secrets is not!<br><br>Kevin Johnson and Mike Poor
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files<br><br>Aleksandr Yampolskiy
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Open Source Web Entry Firewall<br><br>Ivan Buetler
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Microsoft's Security Development Lifecycle for Agile Development<br><br>Nick Coblentz
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40  
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40  
Line 49: Line 49:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25  
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>Jon McCoy<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Hacking .NET Applications at Runtime: A Dynamic Attack<br><br>Jon McCoy
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Life in the Clouds: a Service Provider's View<br><br>Michael Smith
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Solving Real World Problems with ESAPI<br><br>Chris Schmidt 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Financial Services Panel]]<br><br>Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| Financial Services Panel
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30  
Line 58: Line 58:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15  
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | JavaSnoop: How to hack anything written in Java<br><br>Arshan Dabirsiaghi
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Social Zombies Gone Wild: Totally Exposed and Uncensored<br><br>Kevin Johnson and Tom Eston  
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Attack Detection and Prevention with OWASP AppSensor<br><br>Colin Watson
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30  
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC-2010-Syngress75x30.gif‎‎|link=http://www.syngress.com/]]
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC-2010-Syngress75x30.gif]]
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 3:30-4:15  
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 3:30-4:15  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | Slides]
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Unlocking the Toolkit: Attacking Google Web Toolkit<br><br>Ron Gutierrez
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications<br><br>Dan Cornell
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | OWASP ModSecurity Core Rule Set<br><br>Ryan Barnett
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Implementing a Secure Software Development Program<br><br>Darren Death
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:15-4:20  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:15-4:20  
Line 75: Line 75:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05  
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Constricting the Web: Offensive Python for Web Hackers<br><br>Marcin Wielgoszewski and Nathan Hamiel  
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Threats from Economical Improvement<br><br>Eduardo Neves
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | OWASP ESAPI SwingSet<br><br>Fabio Cerullo
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform<br><br>Benjamin Tomhave
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30  
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30  
 
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks/Prizes<br>The OWASP AppSec DC Team<!-- Day 2 -->
 
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks/Prizes<br>The OWASP AppSec DC Team<!-- Day 2 -->
 
|}
 
|}

Revision as of 18:40, 3 November 2010

Plenary Day 2 - Nov 11th 2010
  Offense (147B) New Frontiers (147A) OWASP (145B) Process (145A)
07:30-08:55 Registration
08:55-09:00 Day 2 Opening Remarks
09:00-10:00 Keynote by Ron Ross
National Institute of Standards and Technology
10:00-10:15 Coffee Break sponsored by Trustwave30x150.png
10:15-11:00 Hacking SAP BusinessObjects

Joshua Abraham and Will Vandevanter 		Cloudy with a chance of hack!

Lars Ewe 		Dont Judge a Website by its GUI Read the Label!|Don’t Judge a Website by its GUI – Read the Label!

Jeff Williams 		Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers

Dan Cornell
11:00-11:05 Break
11:05-11:50 Deconstructing ColdFusion

Chris Eng and Brandon Creighton 		Declarative Web Security

Mozilla Foundation 		The Secure Coding Practices Quick Reference Guide

Keith Turpin 		Code Reviewing Strategies

Andrew Wilson and John Hoopes
11:50-11:55 Break
11:55-12:40 Friendly Traitor 2 Features are hot but giving up our secrets is not!

Kevin Johnson and Mike Poor 		Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files

Aleksandr Yampolskiy 		Open Source Web Entry Firewall

Ivan Buetler 		Microsoft's Security Development Lifecycle for Agile Development

Nick Coblentz
12:40-1:40 Lunch
1:40-2:25 Hacking .NET Applications at Runtime: A Dynamic Attack

Jon McCoy 		Life in the Clouds: a Service Provider's View

Michael Smith 		Solving Real World Problems with ESAPI

Chris Schmidt 		Financial Services Panel
2:25-2:30 Break
2:30-3:15 JavaSnoop: How to hack anything written in Java

Arshan Dabirsiaghi 		Social Zombies Gone Wild: Totally Exposed and Uncensored

Kevin Johnson and Tom Eston 		Attack Detection and Prevention with OWASP AppSensor

Colin Watson
3:15-3:30 Coffee Break sponsored by AppSecDC-2010-Syngress75x30.gif
3:30-4:15 Unlocking the Toolkit: Attacking Google Web Toolkit

Ron Gutierrez 		Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications

Dan Cornell 		OWASP ModSecurity Core Rule Set

Ryan Barnett 		Implementing a Secure Software Development Program

Darren Death
4:15-4:20 Break
4:20-5:05 Constricting the Web: Offensive Python for Web Hackers

Marcin Wielgoszewski and Nathan Hamiel 		Threats from Economical Improvement

Eduardo Neves 		OWASP ESAPI SwingSet

Fabio Cerullo 		The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform

Benjamin Tomhave
5:05-5:30 Closing Remarks/Prizes
The OWASP AppSec DC Team
Retrieved from "https://wiki.owasp.org/index.php?title=Mrb_Scratchpad&oldid=92289"